Hacker News new | ask | show | jobs
by cduzz 680 days ago
Wouldn't you want to have certificates and other crypto data as an input to a reproducible build harness?

  # build initial images
  # add semi-static inputs (mostly static config data, crypto data, signed inputs)
  # add final watermarks
So each step can be verified
1 comments
bluGill 680 days ago
That final watermark is not verifiable and so you can inject something else.
link