See, these are the arbitrary restrictions. What system is this where they can't use the binary from you? Give me a *specific* example, don't just make one up that *could* exist.
I have no idea what you're saying in this tweet. Then tell me how I can get the benefits of a reproducible build. Let's stick to Signal, as you picked it and that's fine with me. Walk me though it.
-
-
1/some, until I say done. So, you wonder "hey, this Signal app seems to be secure. Can I really trust it with my company's secrets, though? I know I trust Google to run their App Store (otherwise, my android phone can't be trusted at all), but how do I know that the software
-
actually lives up to the standards it proclaims it has?" So, you turn to someone from the field you trust: Matthew. You read through his website, and he describes his audit of the signal source code (and build system). That's nice, you say, so Matthew knows that the code he
- 8 more replies
New conversation -
-
-
everyone will benefit from reproducible builds when software update mechanisms begin to require signatures from at least m of n of the expected builders. then the build infrastructure will no longer contain SPOFs which can independently modify software. bugdoors are orthogonal.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
