windows binary for gnupg 1.4.11 // compilation instructions posted

vedaal at nym.hush.com
Fri Sep 16 20:49:09 CEST 2011


Johan Wevers johanw at vulcan.xs4all.nl 
Fri Sep 16 20:28:52 CEST 2011 wrote:

>Why not also host a copy of the existing binary?

Because then who is to say that it wasn't tampered with?

The whole point is to start with gnupg.org signed and verified 
material, and then let the user take it from there.

Although, 
[and am over my head here, so please correct if wrong],
if there *could* be a way of providing instructions on compiling, 
so that the resultant compiled file would always have the same 
hash,

then it might make sense to host the compiled binary and the hash.


My understanding, (which may be outdated),
is that there are too many variations in individual user systems, 
so that the compiled files would never have 'exactly' the same 
hash independent of where they are compiled.

Is there any way to ensure that, if the same source code and the 
same compiler are used, the resultant files have the same hash?

Thanks,

vedaal

 



