by dane-pgp 1772 days ago
With reproducible builds, the difference between signing a binary and signing the source code from which it is built should be meaningless.

I agree that the threat model should include the threat of untrustworthy source code, because we want the countermeasures to work equally well against backdoors, "bugdoors", and genuine bugs.

1 comment

Good points.

I suspect that for a lot of projects reproducible builds are themselves a bit of a hurdle, and are not being verified in the rarer case that they already exist, but the point of reproducible + signed builds as indirect source-signing stands.
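To make the "signed binary equals signed source" point concrete, here is an added example that is not from the thread or from any of the commenters. It builds a constructed toy source tree two ways: a naive build that leaks wall-clock time and a random build directory into the artifact, and a reproducible build that pins member order, timestamps (via a stand-in SOURCE_DATE_EPOCH constant), ownership and the gzip header. A rebuilder can then recompute the artifact from the source it audited and compare the digest with the published one; the detached signature over that digest is omitted, since the point is that anyone who trusts the signature and can rebuild has, in effect, a signature over the source. All names, file contents and the epoch value are assumptions made for the example.

```python
"""Added example (not from the HN thread): a toy reproducible build beside a
non-reproducible one, plus the rebuild check that makes a signed output digest
an indirect signature over the source tree."""
import gzip
import hashlib
import io
import os
import tarfile
import tempfile
import time

# Constructed sample source tree; this is not a real project.
SAMPLE_SOURCE = {
    "src/util.c": b"int util(void) { return 1; }\n",
    "src/main.c": b"int main(void) { return 0; }\n",
    "Makefile": b"all:\n\tcc -o app src/*.c\n",
}

# Stand-in for SOURCE_DATE_EPOCH: the only timestamp a reproducible build may use.
SOURCE_DATE_EPOCH = 1_700_000_000


def build_naive(files):
    """Typical non-reproducible 'build': member order follows insertion order,
    tar and gzip headers carry the wall clock, and a BUILD_INFO member embeds the
    build date and the absolute (randomly named) build directory."""
    build_dir = tempfile.mkdtemp(prefix="build-")  # realistic: absolute paths leak in
    os.rmdir(build_dir)
    info_blob = f"built {time.ctime()} in {build_dir}\n".encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:  # gzip header gets time.time()
        for name, data in list(files.items()) + [("BUILD_INFO", info_blob)]:
            ti = tarfile.TarInfo(name)
            ti.size = len(data)
            ti.mtime = int(time.time())
            tf.addfile(ti, io.BytesIO(data))
    return buf.getvalue()


def build_reproducible(files):
    """Same inputs with every source of variation pinned: sorted member order,
    mtime from SOURCE_DATE_EPOCH, uid/gid 0 and empty owner names, no build path,
    ustar headers only (no pax extensions) and a gzip stream with mtime=0."""
    info_blob = f"built from SOURCE_DATE_EPOCH={SOURCE_DATE_EPOCH}\n".encode()
    members = sorted(list(files.items()) + [("BUILD_INFO", info_blob)])
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=0) as gz:
        with tarfile.open(fileobj=gz, mode="w", format=tarfile.USTAR_FORMAT) as tf:
            for name, data in members:
                ti = tarfile.TarInfo(name)
                ti.size = len(data)
                ti.mtime = SOURCE_DATE_EPOCH
                ti.mode = 0o644
                ti.uid = ti.gid = 0
                ti.uname = ti.gname = ""
                tf.addfile(ti, io.BytesIO(data))
    return buf.getvalue()


def builds_twice_identically(build_fn, files):
    """Cheapest reproducibility check: build twice, compare the bytes."""
    return build_fn(files) == build_fn(files)


def publish(files):
    """What a release pipeline actually signs: the digest of the build output,
    not the source tree. The detached signature itself is out of scope here."""
    return {"sha256": hashlib.sha256(build_reproducible(files)).hexdigest()}


def rebuild_matches(files, manifest):
    """Independent rebuilder: recompute the artifact from the source you audited
    and compare. A match means the signed digest covers exactly this source;
    a mismatch means either the source differs or the build is not reproducible."""
    return hashlib.sha256(build_reproducible(files)).hexdigest() == manifest["sha256"]


if __name__ == "__main__":
    print("naive build reproducible?      ", builds_twice_identically(build_naive, SAMPLE_SOURCE))
    print("pinned build reproducible?     ", builds_twice_identically(build_reproducible, SAMPLE_SOURCE))
    manifest = publish(SAMPLE_SOURCE)
    print("rebuild of audited source matches:", rebuild_matches(SAMPLE_SOURCE, manifest))
    # A one-line change in the source (constructed stand-in for a bugdoor) breaks the match.
    tampered = dict(SAMPLE_SOURCE)
    tampered["src/util.c"] = b"int util(void) { return 2; }\n"
    print("rebuild of tampered source matches:", rebuild_matches(tampered, manifest))
```

The naive build differs on every run even within the same second because the random build directory name lands in BUILD_INFO; the pinned build is byte-identical, so comparing a rebuilt digest with the published one is meaningful. Note that the rebuilder only learns that the signed digest corresponds to the source it rebuilt from; whether that source is trustworthy is the separate question the first comment raises.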