trustworthy reproducible builds

asked 2015-02-02 21:30:08 +0300

misc11

updated 2017-10-10 22:18:49 +0300

there seems to be a Debian project which aims to automatically check if binary files were actually created from the given source code. full interview here.

i think this would be great for open source software in the Jolla store. we can't expect Jolla to look into the source code of every app, but this way we would at least know that the binary in the store is actually compiled from the correct given sources (in case of an open source app).

i know this project is in an early stage but i would just like to see that Jolla is aware of this development :)

update: >1,5 years later the Debian project is alive and is actually used by some big and well known projects already. see for example a list here. Information can be found at reproducible-builds.org and in the Debian wiki.
