"Reproducible build" definition in OpenSSF glossary

Ismael Luceno ismael at iodev.co.uk
Sun Jun 29 13:01:12 UTC 2025


On 29 June 2025 12:23:56 UTC, Leo Wandersleb <Leo at LeoWandersleb.de> wrote:
> *2. Post-hoc/Forensic Reproducibility*
> Artifacts that can be reproduced even when the original author didn't specifically design for it. At walletscrutiny.com, we often reverse-engineer build processes, figure out the exact build environment, and successfully reproduce binaries that were never intended to be reproducible. This is equally valuable for security verification.

From the perspective of an OS this doesn't make sense, because we shouldn't be taking any binaries ever; we're comparing builds among us, perhaps even just in the time domain, but definitely not with upstreams.


More information about the rb-general mailing list