[HN Gopher] Independently verifying Go's reproducible builds
       ___________________________________________________________________
        
       Independently verifying Go's reproducible builds
        
       Author : speckx
       Score  : 83 points
       Date   : 2025-10-29 19:32 UTC (1 days ago)
        
 (HTM) web link (www.agwa.name)
 (TXT) w3m dump (www.agwa.name)
        
       | GauntletWizard wrote:
       | This is important work, and I thank you for it. These public
       | transparency logs are important for keeping honest people honest,
       | but also for keeping dishonest people out - If someone _does_
       | manage to backdoor Google 's build process, this is how they'll
       | know.
        
       | h4ck_th3_pl4n3t wrote:
       | Repo of sourcespotter: https://github.com/SSLMate/sourcespotter
        
       | jasonthorsness wrote:
       | It's great that these reproducible builds are possible and this
       | is an incredibly thorough and careful validation. Thanks!
        
       ___________________________________________________________________
       (page generated 2025-10-30 23:00 UTC)