|
|
|
|
|
|
by StableAlkyne
62 days ago
|
|
|
That's the purpose of reproducible build initiatives like TFA. The idea is to ensure that identical source produces bit-for-bit identical builds on multiple machines when the packages are built. Sure, if the source itself gets got, then it does nothing. But it at least puts up one more barrier against tampering with the artifacts. They have a tracker for what percent of the distro is reproducible:
https://reproducible.archlinux.org/ |
|
|