I did, I explained that doesn't actually work with the app stores we have. Aren't you advocating for reproducible builds everywhere, not just in some niche fantasy threat models?
Again, is this the threat model that means everyone should be using repro builds: Android users willing to violate the terms of usage, who can build their own application, but can't sideload for some reason?
-
-
I still don't see what the end user has to do with it? The whole point we're arguing for is that if *one* party you trust can build a binary that they verify is the same as that of the distributor, nobody else has to do a build. Vendor and auditor don't have to be the same.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.