[liberationtech] Proposal for more-trustable code from app stores; comments welcome.

Max R.D. Parmer maxp at
Wed Sep 24 21:39:46 PDT 2014

On Wed, Sep 24, 2014 at 01:25:02PM -0500, Karl Fogel wrote:
> Quick summary is:
>   Today, app stores don't even clearly *distinguish* open-source from
>   closed-source apps, let alone do the builds themselves.
>   It would be great if app stores built open-source apps directly from
>   the public source tree, stating exactly which snapshot was used.  And
>   it would be even better if they did so with deterministic builds --
>   though even just knowing that the app store had done the build
>   themselves (instead of the app's author doing it) would be a huge win,
>   and deterministic builds would be gravy.
> Details in the article.
Direct link:

Deterministic builds really would be great; this would enable
multi-party verified builds a la gitian, but overall, I agree, choosing
one party to trust with the build would be an improvement. It's not
as if the app store proprietor is a neutral party in the transaction,
they could just as well tamper with the developer's (possibly untrustworthy)
