On android "secure messengers" and reproducible builds (or lack thereof)
Holger Levsen
holger at layer-acht.org
Thu Dec 8 16:43:35 UTC 2022
On Tue, Dec 06, 2022 at 02:17:02AM +0100, FC Stegerman wrote:
> I looked at how several android messenger apps claiming to have
> reproducible builds actually verify that they do [1].
> TL;DR: It's quite possible these messengers actually have reproducible
> builds, but the verification scripts they use don't actually allow us
> to verify whether they do.
> [1] https://gist.github.com/obfusk/c51ebbf571e04ddf29e21146096675f8
that's really cool, thank you for sharing this here! the results are
actually a bit depressing but it's good to have them in presentable form.
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
:wq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20221208/f9affbd0/attachment.sig>
More information about the rb-general
mailing list