orbit icon indicating copy to clipboard operation
orbit copied to clipboard

Published 20 hours ago verified publisher icon orbitdb-archive

Reproducible builds

Open ghost opened this issue 7 years ago • 3 comments

I see that orbit is moving to Circle CI automatically publishing release artifacts. Are builds reproducible, or is there any other way to establish trust with these builds?

ghost avatar Oct 12 '16 15:10 ghost

Right now they're not. Ideas how to do this, ideally with CircleCI, would be highly appreciated @lgierth.

haadcode avatar Oct 12 '16 15:10 haadcode

My implicit concern is that we should not advertise releases that were built on untrusted third-party machines without a way of verifying their integrity

ghost avatar Oct 12 '16 16:10 ghost

:+1: I think it's something we can have a chat about when it comes to general artifacts produced by IPFS projects. Would be good to have a process on how we can do the builds and how to verify them.

victorb avatar Oct 12 '16 17:10 victorb