Y
Hacker News
new
|
ask
|
show
|
jobs
by
sleepychu
3475 days ago
Can you verify the binaries by reproducing them and comparing hashes? (obviously not of the whole binary but maybe some portion)
That would protect the users of those binaries.
1 comments
rocqua
3474 days ago
Deterministic compilation isn't commonplace yet. I'm not even sure if it's really usable at all yet.
Generally, we rely on signed binaries.
link
sleepychu
3469 days ago
So the signature gives you confidence because you trust the signatory?
link
rocqua
3465 days ago
Yes, or more specifically, because I trust the keys published by the developers are controlled only by the developers, and because I trust the developers to compile correctly.
link
Generally, we rely on signed binaries.