<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 02/08/2013 10:57 AM, Jeremy Lakeman
wrote:<br>
</div>
<blockquote
cite="mid:CAAjnzmAPCrdbos2crn4eAmat2Cvx3Gv5DUsCmME_54FDVz5=HQ@mail.gmail.com"
type="cite">
<pre wrap="">Which raises another interesting topic; in the general case, how would
you verify that an apk has been built from a particular source
archive.</pre>
</blockquote>
<br>
We are hoping to implement Gitian
(<a href="http://gitian.org/">http://gitian.org/</a>) soon, which is
a side project by one of our main contributors.<br>
<br>
"Gitian is a secure source-control oriented software distribution
method. This means you can download trusted binaries that are
verified by multiple builders.
<p style="margin-bottom: 25px; font-size: 14pt; font-weight: normal;
line-height: 26px; margin-top: 0px; font-family: georgia; color:
rgb(51, 51, 51); font-style: normal; font-variant: normal;
letter-spacing: normal; orphans: 2; text-align: left; text-indent:
0px; text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255);">Gitian uses a deterministic build process to allow multiple
builders to create identical binaries. This allows multiple
parties to sign the resulting binaries, guaranteeing that the
binaries and tool chain were not tampered with and that the same
source was used. It removes the build and distribution process as a
single point of failure."<br>
<br>
</p>
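<p>One way to run the check the question asks about, as an added example that is not part of the original message or of Gitian's own code: compare a published APK against an independent rebuild entry by entry, ignoring the per-signer files under META-INF/. The function names and sample archives are constructed for illustration, and the sketch assumes JAR-style signing, where signatures are stored as entries under META-INF/.</p>

```python
import hashlib
import io
import zipfile

# JAR-signing files are written by the signing tool and differ per signer.
SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")

def is_signature_entry(name):
    """True for JAR-signing files stored under META-INF/."""
    if not name.startswith("META-INF/"):
        return False
    return name == "META-INF/MANIFEST.MF" or name.upper().endswith(SIGNATURE_SUFFIXES)

def entry_digests(apk_bytes):
    """Map each non-signature entry name to the SHA-256 of its uncompressed data."""
    digests, seen = {}, set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.filename in seen:
                # Duplicate names are ambiguous: parsers may pick different copies.
                raise ValueError("duplicate entry: " + info.filename)
            seen.add(info.filename)
            if not is_signature_entry(info.filename):
                digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests

def differing_entries(published_apk, rebuilt_apk):
    """Sorted names that are missing, extra, or differ between the two builds."""
    a, b = entry_digests(published_apk), entry_digests(rebuilt_apk)
    return sorted(n for n in a.keys() | b.keys() if a.get(n) != b.get(n))

def make_apk(entries):
    """Build a constructed in-memory APK-like zip from (name, bytes) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: a signed release, an unsigned rebuild, a tampered release.
PAYLOAD = [("AndroidManifest.xml", b"manifest"), ("classes.dex", b"dex-v1")]
SIGNER_FILES = [("META-INF/MANIFEST.MF", b"m"), ("META-INF/CERT.RSA", b"sig-A")]
PUBLISHED = make_apk(PAYLOAD + SIGNER_FILES)
REBUILT = make_apk(PAYLOAD)
TAMPERED = make_apk([PAYLOAD[0], ("classes.dex", b"dex-changed")] + SIGNER_FILES)

if __name__ == "__main__":
    print(differing_entries(PUBLISHED, REBUILT))  # [] -> rebuild matches
    print(differing_entries(TAMPERED, REBUILT))   # ['classes.dex']
```

<p>The comparison is over uncompressed entry contents, so it only says something about the source when the build itself is deterministic; zip metadata such as timestamps and compression level is not compared.</p>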
</body>
</html>