reproducible builds [was: Re: BitMail.sf.net v 0.6 - Secure Encrypting Email Client]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Nov 15 18:23:09 CET 2013
On 11/15/2013 12:06 PM, Robert J. Hansen wrote:
> getting two
> computers to generate the exact same binary code from the exact same
> source code is a surprisingly difficult challenge. It requires a
> perfect match of everything from compiler versions to C library versions
> right down to identical *clocks* -- because often, compilers will
> incorporate timestamps into the output.
>
> Doing checksum validation of source code is feasible. Of binary code,
> not really.
Robert's right that reproducible binary builds are a non-trivial task.
However, they're not impossible, and this is an active and ongoing field
of work. For those interested, i recommend this as a jumping off point:
https://wiki.debian.org/ReproducibleBuilds#References
Regards,
--dkg
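The timestamp problem raised in the quoted text, as an added example that is not part of the original thread: a toy "build" step (gzip standing in for a compiler, since the gzip header carries a 4-byte modification time) produces different checksums from identical source until the embedded time is pinned. The function names, the sample source and the clock values are constructed for illustration.

```python
import gzip
import hashlib
from typing import List, Optional

# Constructed sample input: the "source code" both machines start from.
SOURCE = b"int main(void) { return 0; }\n"

# Constructed clock readings (seconds since the epoch) on two build machines.
CLOCK_A = 1_000_000_000
CLOCK_B = 1_000_000_060

# Constructed fixed value both builders agree to embed instead of "now".
PINNED_TIME = 946_684_800


def build(source: bytes, clock: int, pinned: Optional[int] = None) -> bytes:
    """Toy build: gzip embeds a timestamp at header bytes 4..7,
    the same way a compiler may embed the build time in its output."""
    stamp = clock if pinned is None else pinned
    return gzip.compress(source, mtime=stamp)


def sha256(artifact: bytes) -> str:
    return hashlib.sha256(artifact).hexdigest()


def differing_offsets(a: bytes, b: bytes) -> List[int]:
    """Byte offsets at which two equal-length artifacts disagree."""
    if len(a) != len(b):
        raise ValueError("artifacts differ in length")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def same_checksum(pinned: Optional[int]) -> bool:
    """Build on both 'machines' and report whether the checksums match."""
    a = build(SOURCE, CLOCK_A, pinned)
    b = build(SOURCE, CLOCK_B, pinned)
    return sha256(a) == sha256(b)


if __name__ == "__main__":
    a, b = build(SOURCE, CLOCK_A), build(SOURCE, CLOCK_B)
    print("unpinned checksums match:", same_checksum(None))
    print("differing byte offsets:  ", differing_offsets(a, b))
    print("pinned checksums match:  ", same_checksum(PINNED_TIME))
```

The differing offsets fall inside the header's timestamp field, so the payload is byte-identical and only the recorded clock breaks the checksum comparison.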