Red Hat Security Blog: September 2013 archives
Reproducible Builds for Fedora
It should be possible to reproduce every build of every package in Fedora (strong, long-term goal). It should be possible for users to verify, independently, that the binary matches what the source intended to produce. This is the basic nature of open source: the source code is available, so what can we do with it? I want to be able to show that our binary was the result of our source code, built by our compiler, and that nobody added anything to the binary along the way. Can we show that...