Post 9xaKNfSg8jfFPC75gO by carlozancanaro@mastodon.technology
 (DIR) Post #9xZ1EorPjVChf7n4MK by julm@framapiaf.org
       2020-07-29T02:15:10Z
       
       0 likes, 1 repeats
       
       #TavisOrmandy: "You don’t need #reproducible builds." « I’m skeptical about #BuildReproducibility, but ardent supporters are defending and cheering for it at every opportunity. After a few too many heated discussions, I’ve decided to write down my thoughts on the topic. » http://blog.cmpxchg8b.com/2020/07/you-dont-need-reproducible-builds.html #NixOS #Guix
       
 (DIR) Post #9xaKNfSg8jfFPC75gO by carlozancanaro@mastodon.technology
       2020-07-29T08:39:07Z
       
       0 likes, 1 repeats
       
       @julm One thing this view is missing is that build reproducibility provides a mechanism for accountability. When there is an expectation that the binaries correspond exactly to the source, and there are tools to verify it, then vendors can be kept accountable when they violate that expectation. The goal of reproducible builds isn't to solve all potential supply chain attacks, but it provides an important foundation on which other things can be built.