Now this is really worth a read... opensource.googleblog.com/20…
In theory, the reproducible builds project gives us a pointer here. If *enough* "trustable" agents do the build and get the same result (i.e. each agent's signature validates the same final binary hash) then one can start to build out trust based on regular matching of results.
Feb 4, 2021 · 11:39 AM UTC
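The agreement check described in the reply above, as an added example that is not part of the original thread: an artifact is accepted only when enough distinct trusted rebuilders have validly attested to the same hash. The builder names, keys, threshold and the reject-on-dissent rule are assumptions, and HMAC-SHA256 stands in for each builder's signature so the code needs only the standard library.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample data: builder names and keys are made up for this example.
# HMAC-SHA256 is a stand-in for a builder's signature; a real deployment would
# verify asymmetric signatures against each builder's public key.
TRUSTED_KEYS = {
    "builder-a": b"key-a",
    "builder-b": b"key-b",
    "builder-c": b"key-c",
}

def attest(builder, key, artifact):
    """What an independent rebuilder publishes: its name, the digest, a tag."""
    digest = hashlib.sha256(artifact).hexdigest()
    tag = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    return {"builder": builder, "digest": digest, "sig": tag}

def agreeing_builders(attestations, trusted_keys):
    """Map digest -> set of trusted builders with a valid attestation for it."""
    votes = defaultdict(set)
    for att in attestations:
        key = trusted_keys.get(att["builder"])
        if key is None:
            continue  # unknown builder: ignored, never counted
        expected = hmac.new(key, att["digest"].encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, att["sig"]):
            votes[att["digest"]].add(att["builder"])  # set: repeats count once
    return votes

def accept(artifact, attestations, trusted_keys, threshold):
    """True only if at least `threshold` distinct trusted builders vouch for
    this exact artifact. Assumed policy: any valid attestation from a trusted
    builder for a different digest blocks acceptance, since it means the build
    did not reproduce or one party is compromised."""
    votes = agreeing_builders(attestations, trusted_keys)
    digest = hashlib.sha256(artifact).hexdigest()
    dissent = any(d != digest for d in votes)
    return len(votes.get(digest, ())) >= threshold and not dissent
```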

