Hacker News
by aaron_m04 2939 days ago
> The only way I can think to "confirm" this build artifact is genuine is to get multiple hosts to independently build the artifact identically and compare them. So you have to have reproducible builds. Which I don't think many people have.

This is an excellent idea, and has been done for Bitcoin and other projects: https://github.com/devrandom/gitian-builder It's probably troublesome to set up for a new project of significant size.
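An added example, not part of the comment above and not Gitian's own code: a minimal sketch of the comparison step, where artifacts from several independent hosts are accepted only if every host produced the same SHA-256 digest. The function name, host names and sample artifacts are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

def compare_builds(builds, min_builders=2):
    """builds: {builder_name: artifact_bytes}, one entry per independent host.

    Returns (digest, groups). digest is the agreed SHA-256 hex string, or None
    when the builders disagree; groups maps each digest seen to the builders
    that produced it, so a mismatch can be traced to specific hosts.
    """
    if len(builds) < min_builders:
        raise ValueError("need at least %d independent builders" % min_builders)
    groups = defaultdict(list)
    for name in sorted(builds):
        groups[hashlib.sha256(builds[name]).hexdigest()].append(name)
    agreed = next(iter(groups)) if len(groups) == 1 else None
    return agreed, dict(groups)

# Constructed sample artifacts (not real build output).
SOURCE = b"\x7fELF...compiled-from-tag-v1.0"
deterministic = {"host-a": SOURCE, "host-b": SOURCE, "host-c": SOURCE}
# Same source, but the build embeds a wall-clock timestamp: not reproducible.
timestamped = {"host-a": SOURCE + b"built=1500000000",
               "host-b": SOURCE + b"built=1500000042"}
# One host emits an artifact that differs from the others.
one_differs = {"host-a": SOURCE, "host-b": SOURCE,
               "host-c": SOURCE + b"\x90extra"}

if __name__ == "__main__":
    for label, builds in [("deterministic", deterministic),
                          ("timestamped", timestamped),
                          ("one_differs", one_differs)]:
        agreed, groups = compare_builds(builds)
        print(label, "->", agreed or "MISMATCH")
        for digest, names in groups.items():
            print("   ", digest[:16], names)
```

The `timestamped` case shows why the comparison is only meaningful once the build itself is deterministic: honest hosts building the same source still disagree.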