geekley
commented
2 years ago @ripcurlx Any updates? Is it currently reproducible at v1.8.2?
Open danimesq opened 4 years ago
geekley
commented
2 years ago @ripcurlx Any updates? Is it currently reproducible at v1.8.2?
ripcurlx
commented
2 years ago @ripcurlx Any updates? Is it currently reproducible at v1.8.2?
ATM only the Linux builds are reproducible. All other binaries (macOS and Windows) are signed with a certificate so it is not possible to build the same binary without the additional signing certificate.
Giszmo
commented
4 months ago Reproducibility can be attested for all but the signature part. At Walletscrutiny we do this with many android apps and hardware wallets that all come with the signature slapped on the binary.
geekley
commented
4 months ago @Giszmo Ah I love wallet scrutiny! Didn't know you're gonna do desktop now, that's great! Hope to see F-Droid too later, or at least adding F-Droid links so people know which apps are available there.
Regarding Bisq, I see its review in wallet scrutiny is work-in-progress. Which stores/OSes will you guys do under "Desktop"? I personally use Ubuntu and always prefer Flatpak apps from flathub when available (specially on cases where I can see on the metadata that it seems builds are independently compiled from source). Do you guys have any plans of checking flathub apps?
Giszmo
commented
4 months ago @geekley Let's not spam this issue tracker. You have no contact information in your profile. I have some. Please reach out especially if you have time to work on WalletScrutiny. I have funds for up to one senior developer or consultant if you know somebody but you touch right on issues I am struggling with.
geekley
commented
4 months ago @Giszmo I do have a GitLab account (same name), and now I've already found the issues to follow on the repo over there, thanks :slightly_smiling_face:
@DaniellMesquita That is on our list for a long time. Do you have experience with reproducible builds like it is done for Bitcoin Core?