Maybe some of them were preventable, but if it was in place attackers would easi... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		charcircuit 83 days ago \| parent \| context \| favorite \| on: Independently verifying Go's reproducible builds Maybe some of them were preventable, but if it was in place attackers would easily adapt to fool the automated systems and we would be back at status quo. >without reproducible build you can't independently verify anything. This is myth propagated by reproducible builds people. Byte for byte similarity is not required to detect a Trojan was injected into one.

cpuguy83 83 days ago [–]

You are right, I should not have said "you can't independently verify anything", but then you generally need to know what you are looking for.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact