OK, I imagine this is the gist of it:
(quoting here for others who might wonder)
Why do we want reproducible builds?
- Allow independent verifications that a binary matches what the source intended to produce.
- Should reproducible uploads become mandatory, then the incentive for an attacker to compromise the system of a developer with upload rights is lowered, because it is no longer possible for the developer to upload a binary that does not match the uploaded sources.
- Additionally, the incentive for this kind of attack is further lowered because an attacker now has to compromise all machines that can check the reproducibility of the uploaded source.
- Finally, with a sufficiently large body of independent (geographically and administratively) machines, reproducible builds can help find systems which are compromised in a way that produces binaries with altered functionality.
JanKusanagi @identi.ca at 2015-04-26T12:42:38Z