Why are reproducible builds only on one platform (Android)? The desktop version could have a built-in backdoor, and data would be transferred not from the phone, but from the PC.

  • skoberlink@lemmy.world
    9 months ago

    Sorry if this is a dumb question but what does reproducible mean in this context? I’m a little confused by the discussion here.

    • brianorca@lemmy.world
      9 months ago

      Meaning you can take the public source code and build (compile using your own tools) the whole package to run locally. From context, I’m assuming the public source is missing something to help you build it properly. (Maybe a dependency or a make file.)

      • IAm_A_Complete_Idiot@sh.itjust.works
        9 months ago

        In this context it actually means that you can take the source code and get the exact same binary artifact as another build. It means that you can verify (or have someone else verify) that the released binary is actually built from the source code it says it is, by comparing their hashes. You can “reproduce” a bit-for-bit copy of the released binaries.
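
The hash comparison described in the last reply, as an added example that is not part of the thread and not any project's build tooling. It packs a constructed source tree into a ZIP as a stand-in for a real compile-and-package step; the file names, timestamps and function names are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

# Constructed sample source tree: path -> contents.
SOURCES = {"app/main.txt": b"entry point\n", "app/util.txt": b"helper\n"}
FIXED_DATE = (1980, 1, 1, 0, 0, 0)  # earliest timestamp the ZIP format can store


def build(sources, order, mtime):
    """Stand-in for a build: pack files in `order`, stamping each with `mtime`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in order:
            info = zipfile.ZipInfo(name, date_time=mtime)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.external_attr = 0o644 << 16  # fixed permissions
            zf.writestr(info, sources[name])
    return buf.getvalue()


def naive_build(sources, fs_order, builder_clock):
    """Embeds the builder's clock and directory listing order in the artifact."""
    return build(sources, fs_order, builder_clock)


def reproducible_build(sources):
    """Normalizes everything that varies between machines: order and time."""
    return build(sources, sorted(sources), FIXED_DATE)


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def verify(released_artifact, sources):
    """Rebuild from the public source and compare digests with the release."""
    return sha256(reproducible_build(sources)) == sha256(released_artifact)


if __name__ == "__main__":
    a = naive_build(SOURCES, ["app/main.txt", "app/util.txt"], (2024, 5, 1, 10, 0, 0))
    b = naive_build(SOURCES, ["app/util.txt", "app/main.txt"], (2024, 5, 2, 9, 30, 0))
    print("naive builds match:       ", sha256(a) == sha256(b))
    release = reproducible_build(SOURCES)
    print("independent rebuild match:", verify(release, SOURCES))
    tampered = dict(SOURCES, **{"app/util.txt": b"helper\nextra code\n"})
    print("tampered release match:   ", verify(reproducible_build(tampered), SOURCES))
```

Two naive builds of identical source differ only because of embedded timestamps and entry order, which is why a hash match is meaningful only once the build process removes those sources of variation.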