Changes between Initial Version and Version 2 of Ticket #2357


Ignore:
Timestamp:
2014-12-29T16:20:07Z (10 years ago)
Author:
daira
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #2357

    • Property Owner changed from marlowe to daira
    • Property Status changed from new to assigned
    • Property Milestone changed from undecided to soon

  • Ticket #2357 – Description

    initial v2  
    2828Here is a news article from LWN.net about the concept of verifiable builds (prompted in part by an open letter that we wrote): [https://lwn.net/Articles/564263/ “Security software verifiability”]. Here is a [//pipermail/tahoe-dev/2013-August/008684.html post on the tahoe-dev mailing list] about our desire to have verifiable builds for Tahoe-LAFS.
    2929
    30 The goal of ''this'' ticket is to have documentation of the ways in which Tahoe-LAFS builds are not currently verifiable. Its scope includes only Tahoe-LAFS as built via setup.py (using setuptools and/or pip), not as packaged by an operating system distribution or package management system. However, it may be useful to consider how existing projects have approached this problem: [https://wiki.debian.org/ReproducibleBuilds Debian], [https://blog.torproject.org/category/tags/deterministic-builds Tor], [https://en.bitcoin.it/wiki/Release_process Bitcoin], and the recent ad-hoc [https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/ reproduction of the TrueCrypt Windows binaries].
     30The goal of ''this'' ticket is to have documentation of the ways in which Tahoe-LAFS builds are not currently verifiable. Its scope includes:
     31
     32 * Tahoe-LAFS as built via setup.py (using setuptools and/or pip), and
     33 * the MAC OS X (#182) and Windows (#195) packages
     34
     35but does not include Tahoe-LAFS as packaged by an operating system distribution or package management system.
     36
     37It may be useful to consider how existing projects have approached this problem: [https://wiki.debian.org/ReproducibleBuilds Debian], [https://blog.torproject.org/category/tags/deterministic-builds Tor], [https://en.bitcoin.it/wiki/Release_process Bitcoin], and the recent ad-hoc [https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/ reproduction of the TrueCrypt Windows binaries].