Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Deterministic builds and software trust

Eleanor Saitta ella at dymaxion.org
Thu Jun 20 18:35:25 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2013.06.20 04.34, Mike Perry wrote:
> We also include the full set of git hashes, version tags, and
> input source hashes in the bundles themselves, so you know exactly
> what went into your bundle if you want to try to match it at a
> later date...

Have you considered asking developers to sign commits?  That seems
like it's the next step in terms of being able to verify a complete
chain of code pedigree.

E.

- -- 
Ideas are my favorite toys.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iF4EAREIAAYFAlHDrd0ACgkQQwkE2RkM0wqzVwEAlPJUeCUVmHJqXd+tlNhMrkUf
8oJ9xuMT71ph90IaK3kA/R+FznDuOYdSedSz3bbFNpM/q1E81cNL52jxDNzbWhpK
=Rqmp
-----END PGP SIGNATURE-----



More information about the liberationtech mailing list