by BenTheElder 1772 days ago
Good points.

I suspect for a lot of projects reproducible builds are themselves a bit of a hurdle and not being verified in the rarer case that they already exist, but the point of reproducible + signed builds as indirect source-signing stands.