Utilize Gitian (or similar) for Trusted Builds/Secure Distribution

[ajvb]

About Gitian (taken from http://gitian.org/)

Gitian is a secure source-control oriented software distribution method. This means you can download trusted binaries that are verified by multiple builders.

Gitian uses a deterministic build process to allow multiple builders to create identical binaries. This allows multiple parties to sign the resulting binaries, guaranteeing that the binaries and tool chain were not tampered with and that the same source was used. It removes the build and distribution process as a single point of failure.

Why?

This allows for more assurance that the main builds have not been tampered with in any way.

Jacob Appelbaum discusses this in his keynote at LibrePlanet '14 in relation to the Tor Project (which uses gitian) and Debian.

[elimisteve]

Great idea! Link to referenced Appelbaum talk: https://www.youtube.com/watch?v=oE92vJn_Ls8

[arturovm]

That's awesome :D I didn't know about Gitian. :+1: