12.2R Sigs
grarpamp
grarpamp at gmail.com
Sat Sep 19 03:45:33 UTC 2020
> [src's] included on the
> installation medium for reproducibility
Wherever the src.tgz, they should not be considered to be
unbreakable reproducible bitwise duplicate authentic or
traceable back to any repo since there is no provable cryptographic
chain back to same, only assertions over the breaking points,
which can and do fail in various ways.
Distributed cloneable distributable repos based on crypto are
needed to do that, perhaps such as Monotone, or at least
sign Git's init hash.
https://monotone.ca/
https://git-scm.com/
> announce.asc file is only created for the final RELEASE build
Yes, as those are nice milestones :)
More information about the freebsd-security
mailing list