[Commotion-dev] Verifying an apk has been built from this source

Nathan of Guardian nathan at guardianproject.info
Fri Feb 8 04:28:24 UTC 2013


On 02/08/2013 10:57 AM, Jeremy Lakeman wrote:
> Which raises another interesting topic; in the general case, how would
> you verify that an apk has been built from a particular source
> archive.

We are hoping to implement Gitian (http://gitian.org/) soon, which is a
side project by one of our main contributors.

"Gitian is a secure source-control oriented software distribution
method. This means you can download trusted binaries that are verified
by multiple builders.

Gitian uses a deterministic build process to allow multiple builders to
create identical binaries. This allows multiple parties to sign the
resulting binaries, guaranteeing that the binaries and tool chain were
not tampered with and that the same source was used. It removes the build
and distribution process as a single point of failure."
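
An added example, not part of the original message and not Gitian's own code: one way to check a distributed APK against independent rebuilds of the same source is to hash every archive entry except the signing files, which differ per signer. It assumes JAR-style signing files directly under META-INF/ and a deterministic build; the function names, builder names and sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile

# JAR-style signing files; these legitimately differ between signers (assumption).
SIGNING_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")

def is_signing_entry(name):
    # Only files directly inside META-INF/ are skipped, never subdirectories.
    head, _, leaf = name.upper().rpartition("/")
    return head == "META-INF" and (leaf == "MANIFEST.MF" or leaf.endswith(SIGNING_SUFFIXES))

def content_digests(apk_bytes):
    """Map entry name -> SHA-256 of its uncompressed bytes, skipping signing files."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if is_signing_entry(info.filename):
                continue
            if info.filename in digests:
                # Two entries with one name make "the contents" ambiguous: refuse.
                raise ValueError("duplicate entry: " + info.filename)
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests

def diff_builds(release_apk, rebuilds):
    """Return {builder: sorted entry names that are missing, extra or changed}."""
    wanted = content_digests(release_apk)
    report = {}
    for builder, apk in rebuilds.items():
        got = content_digests(apk)
        report[builder] = sorted(n for n in set(wanted) | set(got) if wanted.get(n) != got.get(n))
    return report

def make_apk(entries):
    """Build an in-memory archive from (name, bytes) pairs (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples: a signed release, a faithful rebuild, and a rebuild whose code differs.
CODE = [("AndroidManifest.xml", b"<manifest/>"), ("classes.dex", b"constructed dex bytes")]
RELEASE = make_apk(CODE + [("META-INF/MANIFEST.MF", b"mf"), ("META-INF/CERT.SF", b"sf"), ("META-INF/CERT.RSA", b"sig")])
REBUILD_OK = make_apk(CODE)
REBUILD_BAD = make_apk([CODE[0], ("classes.dex", b"different dex bytes")])

if __name__ == "__main__":
    for builder, names in diff_builds(RELEASE, {"alice": REBUILD_OK, "bob": REBUILD_BAD}).items():
        print(builder, "matches the release" if not names else "differs in %s" % names)
```

An empty list for a builder means every non-signing entry of the release has the same hash in that builder's output; any non-empty list names the entries to inspect.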
