On 05/18/2016 10:28 PM, Jonathan Wilkes wrote:
>> If I recall correctly, Mike Perry considered pressure on individual
>> developers to be sufficiently threatening that it was a major
>> reason why he set up reproducible builds. (I believe he said this
>> at his CCC talk.)
>
> Are the current Tor binaries compiled from a deterministic build
> process?
>
> -Jonathan

Last I checked, the pluggable transports Gitian script uses a .msi
binary downloaded from python.org as an input. I don't know if there
are other sources of nonreproducibility (other than GCC). Lots of
projects downstream of Tor (e.g. Ricochet) are also nonreproducible,
last I checked. So, while progress has been made, there is still
reason for concern, I think.

-Jeremy

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk