-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Am 08.06.20 um 07:52 schrieb Daniel Shahaf: > Besides, there was no question, no concrete request, no clickable > URL… https://walletscrutiny.com/ was mentioned, though. IMHO an interesting and worthwhile project. It probably could use more automation in verifying reproducibility. How would the app-update workflow work in a perfect world, where we do not have to trust the app builder? Maybe like this: 1. developer pushes a signed git tag to the official repo 2. multiple independent builders build binaries and sign some "buildinfo" about source+binary hashes, publish it to some buildinfo-collection place. 3. after N trusted rebuilders agreed on what the correct binary should be, the app-store (e.g. F-Droid) publishes the binary for all users 3b. in theory, this could use anonymous uploads, where anyone can upload a binary to server.domain.tld/public/HASH as long as the HASH of the upload is the correct one. 4. F-Droid client pulls new app version and signed buildinfo files and checks if F-Droid server did the right thing -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQTykslvYmKwlIQesLNdovN53d8CLgUCXt9k9gAKCRBdovN53d8C LhryAP4rk1Zbq43fZlHSWI827+0RduubzlXHCI0eSRZ8nQ6AqQD+OdP6VPv0jGJY No8c1w/vVesP5PJwafgVoV5Vp8TgIgQ= =GCT2 -----END PGP SIGNATURE-----