Obviously you can have source code without reproducible builds, what a ridiculous thing to say?
OK, let me explain it for you. Remember, we're not discussing which solution is better (I'll get to that), just that it's possible. You already *have* to trust the source, and the system you're going to run the binary on, correct? Do you agree so far?
-
-
trusting the source is a big but orthogonal problem. "trust the system you're going to run the binary on" i don't agree with, though; say i want to run the software in many places and i assume and accept that some of them are inevitably compromised.
-
It's relevant that you dont have a solution to the problem of malicious source code, you *have* to trust it. The system you run the binary on cant be compromised and the source code must be trusted, or repro builds are pointless, agreed? You're already owned if those arent true.
- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.