[linux-elitists] Surveillance

Eugen Leitl eugen at leitl.org
Sat Sep 7 11:26:15 PDT 2013


On Sat, Sep 07, 2013 at 09:03:35AM -0700, Seth David Schoen wrote:

> I presume Don means that many Gentoo users are building most of their
> binaries from scratch, while users of other distributions are accepting
> binaries that their distributors compiled (and currently those
> distributors don't have a simple way to prove that the binaries
> correspond to the sources).

Tor developers spent a lot of time into deterministic builds.
I presume the build environment would be easiest to replicate
as a virtual machine.

I've built a Debian tor package from source recently, and
unfortunately there is no obvius way (to me, doesn't mean much)
where to obtain the digital signature (weasel's, not
Roger's) for the apt-get source tarball.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://zgp.org/pipermail/linux-elitists/attachments/20130907/ce96f802/attachment.sig>


More information about the linux-elitists mailing list