[rb-general] What is the goal of reproducible builds?
Santiago Torres-Arias
santiago at archlinux.org
Mon Dec 9 14:57:08 UTC 2019
On Mon, Dec 09, 2019 at 01:44:11PM +0000, Orians, Jeremiah (DTMB) wrote:
> > TLDR:
> > The goal of reproducible builds is to reduce the likelyhood of running software that was corrupted (during build)
>
> Absolutely correct.
> For those that worry about the trusting trust attack, we have bootstrappable builds
> #bootstrappable on freenode (irc)
> https://bootstrappable.org/
I'm not absolutely convinced that reproducible builds does not help with
the trusting trust attack. It all boils down as to where did a
backdooring compiler come from, and how is it backdooring the build.
Cheers,
-Santiago.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20191209/d0f9aef4/attachment.sig>
More information about the rb-general
mailing list