[liberationtech] Deterministic builds and software trust [was: Help test Tor Browser!]
Alexander E. Patrakov
patrakov at gmail.com
Thu Jun 20 19:28:16 PDT 2013
Thanks for making Tor Browser builds deterministic (even though I
don't use Tor browser), and especially for promoting the idea of
deterministic builds.
Actually, I have to add that, in Russia, in order to be officially
certified as "secure-enough to keep certain kinds of confidential
data" by the government agencies, any submitted software has to have
deterministic build, and they verify that by comparing the builds
byte-for-byte. Any different byte not in gzip header is an immediate
ground for rejection.
By promoting deterministic builds, you help certain Russian companies
(that I don't work for but have friends in) to reduce the amount of
patches they need to carry in order for their builds of open-source
products to be certified. So - thanks again!
--
Alexander E. Patrakov
More information about the liberationtech
mailing list