On android "secure messengers" and reproducible builds (or lack thereof)

Holger Levsen holger at layer-acht.org
Thu Dec 8 16:43:35 UTC 2022

On Tue, Dec 06, 2022 at 02:17:02AM +0100, FC Stegerman wrote:
> I looked at how several android messenger apps claiming to have
> reproducible builds actually verify that they do [1].
> TL;DR: It's quite possible these messengers actually have reproducible
> builds, but the verification scripts they use don't actually allow us
> to verify whether they do.
> [1] https://gist.github.com/obfusk/c51ebbf571e04ddf29e21146096675f8

that's really cool, thank you for sharing this here! the results are 
actually a bit depressing but it's good to have them in presentable form.


 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20221208/f9affbd0/attachment.sig>

More information about the rb-general mailing list