by dwheeler 2010 days ago
If the compromise was inserted during the build process, then one countermeasure could have been reproducible builds. Reproducible builds require the source code, but they can verify whether or not the build matches the claimed source code. That would work even after it was signed.
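An added illustration of the check described in the comment above (not part of the original comment): a toy deterministic "build" that packs sources into a tar archive with fixed ordering and metadata, so an independent rebuild can be compared with a released artifact. The function names, sample sources and the tar-as-build simplification are assumptions; a signature embedded in a real binary would have to be set aside before comparing.

```python
import hashlib
import io
import tarfile


def deterministic_build(sources: dict) -> bytes:
    """Toy 'build': pack sources into a tar with nondeterminism removed."""
    buf = io.BytesIO()
    # Pin the archive format so output does not depend on library defaults.
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(sources):      # stable file order
            data = sources[name]
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = 0                # fixed timestamp, no wall-clock input
            info.uid = info.gid = 0       # no builder identity in the output
            info.uname = info.gname = ""
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def digest(artifact: bytes) -> str:
    return hashlib.sha256(artifact).hexdigest()


def verify_release(sources: dict, released_artifact: bytes) -> bool:
    """Rebuild from the claimed source and compare against what was shipped."""
    return digest(deterministic_build(sources)) == digest(released_artifact)


# Constructed sample data: the published source tree.
SOURCES = {
    "src/main.c": b"int main(void) { return 0; }\n",
    "src/util.c": b"int add(int a, int b) { return a + b; }\n",
}

# Constructed: an honest release, built from exactly the published source.
HONEST_RELEASE = deterministic_build(SOURCES)

# Constructed: a release whose build step added content absent from the source.
COMPROMISED_RELEASE = deterministic_build(
    {**SOURCES, "src/util.c": SOURCES["src/util.c"] + b"/* added during build */\n"}
)

if __name__ == "__main__":
    print("honest release matches source:     ", verify_release(SOURCES, HONEST_RELEASE))
    print("compromised release matches source:", verify_release(SOURCES, COMPROMISED_RELEASE))
```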