Easy: You already have to build the software yourself in order to verify it reproduces, so then you use that build. Then it doesn't matter if they're bit-for-bit identical or not.
Yes, agreed. So at the moment, you reproduce the build once, verify the checksum, then deploy the official binary. I'm saying, build it once, then deploy *your* binary. Where is the flaw in that system? You must already be able to run a command on every system, right?
I don't have a delivery mechanism for *MY* binary. I don't want to build it - it already exists.
Can you run a command on every system?