eugen at leitl.org
Sat Sep 7 11:26:15 PDT 2013
On Sat, Sep 07, 2013 at 09:03:35AM -0700, Seth David Schoen wrote:
> I presume Don means that many Gentoo users are building most of their
> binaries from scratch, while users of other distributions are accepting
> binaries that their distributors compiled (and currently those
> distributors don't have a simple way to prove that the binaries
> correspond to the sources).
Tor developers spent a lot of time on deterministic builds.
I presume the build environment would be easiest to replicate
as a virtual machine.
I've built a Debian tor package from source recently, and
unfortunately there is no obvious way (to me, doesn't mean much)
where to obtain the digital signature (weasel's, not
Roger's) for the apt-get source tarball.