[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Informing users that the directory doesn't review binaries. Was: [GN
|
From: |
Denis 'GNUtoo' Carikli |
|
Subject: |
Re: Informing users that the directory doesn't review binaries. Was: [GNU-linux-libre] Criteria for Android applications |
|
Date: |
Sat, 13 Nov 2021 20:27:32 +0100 |
On Sat, 13 Nov 2021 20:09:35 +0100
Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> wrote:
> On Thu, 11 Nov 2021 22:06:25 -0500
> bill-auger <bill-auger@peers.community> wrote:
> > o/c the FSDG goes well beyond licensing (eg: if reproducibility
> > was the norm, that could be considered as justification for a
> > new FSDG requirement) - until then, i suggest warning about it -
> > if i wrote it, i would likely be thinking to also suggest that
> > people learn how to verify signatures, as the solution (trust
> > only your distro's signatures)
> For a start we could for instance indicate which distributions do
> support reproducible builds and at what level, for instance in a page
> on the Libreplanet wiki.
I've started doing that here:
https://libreplanet.org/wiki/Group:Software/research/ReproducibleBuilds
Denis
pgpDdl2wSvpkw.pgp
Description: OpenPGP digital signature