windows binary for gnupg 1.4.11 // compilation instructions posted

vedaal at vedaal at
Fri Sep 16 20:49:09 CEST 2011

Johan Wevers johanw at 
Fri Sep 16 20:28:52 CEST 2011 wrote:

>Why not also host a copy of the existing binary?

Because then who is to say that it wasn't tampered with?

The whole point is to start with signed and verified 
material, and then let the user take it from there.

[and am over my head here, so please correct if wrong],
if there *could* be a way of providing instructions on compiling, 
so that the resultant compiled file would always have the same 

then it might make sense to host the compiled binary and the hash.

My understanding, (which may be outdated),
is that there are too many variations in individual user systems, 
so that the compiled files would  never have 'exactly' the same 
hash independent of where they are compiled.

Is there any way to ensure that if the same source code and the 
same compiler is used, that the resultant files have the same hash?




More information about the Gnupg-users mailing list