> On Jun 22, 2021, at 9:08 AM, Dan Shearer wrote:
> In brief, this is where we know that the Trusting Trust paper [1]
> remains valid, despite David Wheeler's technique [2]. Because even if we
> can build our toolchain from scratch we have no idea about the microcode
> or higher-level firmware
Hi!
> apksigcopier is a tool for copying APK signatures from a signed APK
> to an unsigned one (in order to verify reproducible builds). It can
> also be used to compare two APKs with different signatures.
As apksigcopier [1] -- including the vendored copy in fdroidserver [2]
-- has worked
On Tue, Jun 22, 2021 at 04:33:00PM +0200, Bernhard M. Wiedemann wrote:
> On 22/06/2021 12.50, Dan Shearer wrote:
> > https://travisdowns.github.io/blog/2021/06/17/rip-zero-opt.html . We
> > capture as much as we can about the build/test environment, but of
> > course not the microcode version :-)
Hi Dan,
On Tue, Jun 22, 2021 at 11:50:37AM +0100, Dan Shearer wrote:
> Here at LumoSQL we do repeated runs testing SQLite of various versions
> and configurations, storing the results in an SQLite database.
>
> Here is an example of the kind of variation that justifies what some
> have called
Here at LumoSQL we do repeated runs testing SQLite of various versions
and configurations, storing the results in an SQLite database.
Here is an example of the kind of variation that justifies what some
have called our too-fussy test suite, a microcode update that changes
behaviour from one day
There is a RB bug in Python's standard zipfile library. It needlessly makes it
hard to create reproducible ZIPs with it https://bugs.python.org/issue43547
It would be good to have more input from Python people there, since it is not
clear how best to handle it. Please post to the issue