Hacker News new | ask | show | jobs
by farfatched 33 days ago
For sure.

This has been the status quo in Debian for a while now. You can build, and use diffoscope to audit the differences.

It's a stronger security property to have bit-for-bit reproducibilty, and it looks like Debian are ready to commit to it.
1 comments
charcircuit 33 days ago
You are just restating the point of the thread and not addressing the low return on investment doing this is.
link
farfatched 33 days ago
Fair point.

I had figured the cost would decrease in time as deterministic builds became the norm (i.e. build tools stop including build timestamps).

I agree that it might not have positive POI. Bit tricky for me to judge.

link