See, these are the arbitrary restrictions. What system is this where they can't use the binary from you? Give me a *specific* example, don't just make one up that *could* exist.
I see, so when you said vendors are all terrible license violators, and if you force them to produce reproducible builds you might be able to catch them, you actually meant you care about their users?
Then why the focus on build infra, and nothing else?
-
-
As I said at the time, I don't care so much about the copyright infringement as the unsafety that results from vulnerable code they didn't disclose.
-
Wait, do you mean the purpose of reproducible builds is actually to force vendors to disclose their source code and they do not really carry a security benefit by themselves?