Opened 8 years ago

Closed 7 years ago

#6008 closed project (duplicate)

Improve software assurance

Reported by: phobos Owned by: phobos
Priority: Medium Milestone:
Component: Company Version:
Severity: Keywords: SponsorZ-large
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Improving software assurance through repeatable builds across all operating systems and verifiable build system security. Without getting into endless black holes (see, we should be able to document how our software was built and others should be able to repeat the exact same steps and build the exact same binaries. The binaries should be verifiable through some hash algorithm or forensic analysis of the resulting binaries.

This goes towards improving our build integrity and build security once others can independently verify the binaries.

Child Tickets

Change History (3)

comment:1 Changed 8 years ago by karsten

Keywords: SponsorZ added
Milestone: Sponsor Z: November 1, 2013

Switching from using milestones to keywords for sponsor deliverables. See #6365 for details.

comment:2 Changed 8 years ago by mikeperry

Keywords: SponsorZ-large added; SponsorZ removed

See also #6011. May be a dup?

For the record, with enough effort, we can verify all the way down to silicon:

Though it might be a tiny bit trickier than just "use two compilers":

comment:3 Changed 7 years ago by phobos

Resolution: duplicate
Status: newclosed

See the gitian stuff mikeperry has done.

Note: See TracTickets for help on using tickets.