[argyllcms] Re: Argyll CMS and "Reproducible Builds"
- From: Kai-Uwe Behrmann <ku.b@xxxxxx>
- To: argyllcms@xxxxxxxxxxxxx
- Date: Mon, 11 Jul 2016 09:16:26 +0200
Am 11.07.2016 um 05:28 schrieb Graeme Gill:
L s wrote:
What are your thoughts concerning making Argyllcms a "Reproducible Build"?
I can't really see the point. ArgyllCMS is an application, not a core piece of
infrastructure like an operating system or network stack.
The point of reproducible builds is to provide a easy verification
mechanism for binaries for end users. End user typical do not build from
source but use binaries. Reproducible builds allow for creation of hash
sums, which can come from trusted sources e.g. the distributor. That
allows for verified/trusted binaries for Linux and BSD as seen in other
operating systems. If users decide for a more secure computing
environment, ArgyllCMS will be on the party.
[The method is no answer for untrusted binaries, like apps from a app
store, which are much more frequently used today.]
If you don't trust my binaries, then build it yourself from the source -
but then, why do you trust my source ??
Distributors will very likely trust you as they did in the past.
just my two cents
Other related posts: