reproducible builds [was: Re: BitMail.sf.net v 0.6 - Secure Encrypting Email Client]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Nov 15 18:23:09 CET 2013


On 11/15/2013 12:06 PM, Robert J. Hansen wrote:
> getting two
> computers to generate the exact same binary code from the exact same
> source code is a surprisingly difficult challenge.  It requires a
> perfect match of everything from compiler versions to C library versions
> right down to identical *clocks* -- because often, compilers will
> incorporate timestamps into the output.
> 
> Doing checksum validation of source code is feasible.  Of binary code,
> not really.

Robert's right that reproducible binary builds are a non-trivial task.

However, they're not impossible, and this is an active and ongoing field
of work.  For those interested, I recommend this as a jumping-off point:

  https://wiki.debian.org/ReproducibleBuilds#References

Regards,

	--dkg
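
The timestamp problem raised in the quoted text, as an added example that is not part of the original message: two simulated builders pack the same sources into a .tar.gz, first naively (own clock, own account name, own file order), then with those inputs normalized. The file names, builder names, clock values and FIXED_EPOCH are constructed for illustration, and the example generalizes from compiler output to archive packaging.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample "source tree"; names and contents are illustrative only.
SOURCES = {
    "src/main.c": b"int main(void) { return 0; }\n",
    "README": b"demo package\n",
}
FIXED_EPOCH = 1384473600  # constructed value: a timestamp all builders agree to pin


def build_artifact(sources, clock, builder, reproducible):
    """Pack sources into a .tar.gz as a naive or a normalized build would."""
    names = sorted(sources) if reproducible else list(sources)
    stamp = FIXED_EPOCH if reproducible else clock
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(sources[name])
            info.mtime = stamp            # per-file timestamp in the tar header
            info.mode = 0o644
            info.uid = info.gid = 0
            info.uname = info.gname = "" if reproducible else builder
            tar.addfile(info, io.BytesIO(sources[name]))
    # The gzip header carries its own 4-byte mtime field as well.
    return gzip.compress(raw.getvalue(), mtime=stamp)


def compare_builds(reproducible):
    """Simulate two builders with different clocks, accounts and file order."""
    reordered = dict(reversed(list(SOURCES.items())))
    a = build_artifact(SOURCES, 1384500000, "alice", reproducible)
    b = build_artifact(reordered, 1384599999, "bob", reproducible)
    return hashlib.sha256(a).hexdigest(), hashlib.sha256(b).hexdigest()


if __name__ == "__main__":
    for mode in (False, True):
        a, b = compare_builds(mode)
        label = "normalized" if mode else "naive"
        print(label, a[:16], b[:16], "match" if a == b else "differ")
```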
