Open brunobowden opened 4 years ago
For future releases we could also post the Sha256/512 hash so users can verify the downloads
All releases will be tagged, so someone should be able to get this commit from the tag already.
So all we need is to document this. The problem though is that this can be easily faked by a bad actor with a malicious build. Only a reproducible build is a proper verification.
On Sat, Oct 24, 2020 at 1:05 AM Benjamin Swerdlow notifications@github.com wrote:
For future releases we could also post the Sha256/512 hash so users can verify the downloads
Expert users should be able to verify that the installed client on iOS and Android matches the tagged version in the open source repo. This allows anyone to audit the app and verify that there have been no MITM attacks to modify the binary before it is published. The benefit is increased transparency and trust in our build system. It also has additional benefits with increasing automation, ensuring all dependencies are pinned and making the build reproducible.
Telegram approach to reproducible builds: https://core.telegram.org/reproducible-builds
Philosophical buy-in to the approach and examples of mitigated attacks: https://reproducible-builds.org/docs/buy-in/
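The check an expert user could run once the build is reproducible, as an added example that is not part of the original issue or the project's code: it compares a locally rebuilt APK with the published one entry by entry, skipping the signing files that differ because the rebuilder does not hold the release key. The archive contents and all function names are constructed for illustration, and the JAR-style (v1) signature file layout is an assumption.

```python
import hashlib
import io
import re
import zipfile

# Signing files differ between a store-signed APK and a local rebuild, so they
# are excluded. Assumption: v1 (JAR) signature layout under META-INF/.
SIGNATURE_FILES = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$")

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def entry_digests(apk_bytes):
    """Map each non-signature entry name to the SHA-256 of its uncompressed content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or SIGNATURE_FILES.match(info.filename):
                continue
            digests[info.filename] = sha256_hex(zf.read(info))
    return digests

def compare_builds(published, rebuilt):
    """Return (missing, extra, changed) entry names; all empty means the builds match."""
    pub, reb = entry_digests(published), entry_digests(rebuilt)
    missing = sorted(set(reb) - set(pub))  # in the rebuild, absent from the published APK
    extra = sorted(set(pub) - set(reb))    # only in the published APK
    changed = sorted(n for n in set(pub) & set(reb) if pub[n] != reb[n])
    return missing, extra, changed

def make_apk(files):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: same code, different signing key, then a modified build.
COMMON = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex-from-tag"}
REBUILT = make_apk({**COMMON, "META-INF/CERT.RSA": b"local debug key"})
PUBLISHED = make_apk({**COMMON, "META-INF/CERT.RSA": b"store release key"})
TAMPERED = make_apk({**COMMON, "classes.dex": b"dex-modified", "lib/extra.so": b"x",
                     "META-INF/CERT.RSA": b"store release key"})

if __name__ == "__main__":
    print(compare_builds(PUBLISHED, REBUILT))   # matching build
    print(compare_builds(TAMPERED, REBUILT))    # modified build
    print(sha256_hex(PUBLISHED) == sha256_hex(REBUILT))  # whole-file hashes differ
```

The whole-file SHA-256 of the published and rebuilt archives differs even when every code entry matches, which is why a posted hash only confirms download integrity while the per-entry comparison ties the binary to the tagged source.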