Honestly, I'm a bit confused why you still think the end user would need to build the software. If you know what the binary should look like, you can delegate trust.
The point is, why can't you use the binary that you built? That would mean reproducible builds are worthless. Fine, building software is hard and you wanted someone else to reproduce it for you, but then why can't just the vendor and the auditor have the code?
-
I think the answer is "I admit that the reproducibility wasn't really important, and that I just believe in open source."

-
Reproducibility is important. Source code A leading to binary B through a reproducible build guarantees what you see (source) is what you get (the binary from the vendor). What is not clear here?
-
Because the auditor can't be trusted if getting access to the code to audit it is contingent on maintaining a good relationship with the vendor. This is 101-level stuff, *sigh*
-
LOL. No relationship with the vendor is necessary, they're *your* customer. Keep grasping for those straws, Rich.