Comment by gruez
5 days ago
You can raise that gripe with even something like signal. Sure, it's open source, but when was the last time someone reproducibility built it?
5 days ago
You can raise that gripe with even something like signal. Sure, it's open source, but when was the last time someone reproducibility built it?
People reproducibly build Signal all the time. There's a bug right now that makes the play store version differ from the one you get by downloading off their website/build from source, but you can examine the differences to see they're minor.
>People reproducibly build Signal all the time
source? Is there a site that tracks this, or only shows up when someone raises an issue on github?
Pick a decently up-to-date fork of Signal on GitHub and look at its Actions. You can also just do it yourself if you'd like, the process is effectively just doing a build in a docker container and comparing the result.
https://github.com/signalapp/Signal-Android/blob/main/reprod...
2 replies →