Hacker News new | ask | show | jobs
by jblwps 2311 days ago
As greysonp points out, yes; Signal has had reproducible builds since March 2016. So we can prove that those published binaries do not have backdoors insofar as we can prove that the corresponding source code does not have backdoors.
1 comments
mechnesium 2311 days ago
If you didn’t create the binary yourself how can you trust it?
link
jblwps 2308 days ago
Because you can reproduce that binary bit-for-bit to confirm its corresponding source code. That's the point of a reproducible build.

https://en.wikipedia.org/wiki/Reproducible_builds

link