zlacker

[parent] [thread] 3 comments
1. RL_Qui+(OP)[view] [source] 2020-06-05 03:00:32
Determinism.

https://tests.reproducible-builds.org/debian/reproducible.ht...

We're making great strides into software being completely deterministic. The Bitcoin project for many years has had completely deterministic binaries and a ceremony process for GPG signing the output with many individual parties.

replies(2): >>drdrey+26 >>depend+pd
2. drdrey+26[view] [source] 2020-06-05 04:08:25
>>RL_Qui+(OP)
See my other comment about determinism: https://news.ycombinator.com/item?id=23424925

Trying to get a bit-to-bit equivalent of a binary lifted from the app store sounds challenging to say the least.

replies(1): >>ryukaf+47
◧◩
3. ryukaf+47[view] [source] [discussion] 2020-06-05 04:21:29
>>drdrey+26
Yes, this is more difficult than it sounds - but GP linked to the reproducible builds project which has gotten there already for a lot of software.

See also Guix, which provides tools to challenge servers providing binary packages to see if they match a locally-built version: https://guix.gnu.org/manual/en/html_node/Invoking-guix-chall...

4. depend+pd[view] [source] 2020-06-05 05:48:16
>>RL_Qui+(OP)
There is https://signal.org/blog/reproducible-android/ but it is not complete.
[go to top]