|
|
|
|
|
|
by spinsser
2929 days ago
|
|
|
Wow! That is an interesting issue. I was thinking of having a third-party trusted services that compares the hash of the deployed application to the one they independently compiled themselves. But the complexity is nontrivial and there is enough variations between the output of the same source code across different build environments that would make hashes useless. Another possibility is having trusted compilers that would send link the source code to the build in a trusted repository. |
|
|