[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] FBI harassing Tor devs



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 05/18/2016 10:28 PM, Jonathan Wilkes wrote:
>> If I recall correctly, Mike Perry considered pressure on
>> individual
> developers to be sufficiently threatening that it was a major
> reason why he set up reproducible builds.  (I believe he said this
> at his CCC talk.) Are the current Tor binaries compiled from a
> deterministic build process? -Jonathan

Last I checked, the pluggable transports Gitian script uses a .msi
binary downloaded from python.org as an input.  I don't know if there
are other sources of nonreproducibility (other than GCC).  Lots of
projects downstream of Tor (e.g. Ricochet) are also nonreproducible,
last I checked.

So, while progress has been made, there is still reason for concern, I
think.

- -Jeremy

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXPT5tAAoJEAHN/EbZ1y06beAQAKQ6CKOx6d6Uq9nSc2Kv3dBq
ySnw6C1O2rT561AakULcmi5OMj0YOl2oMExAZ3CVYPsZthzWsXe9OOOm7/SJeBrw
LUB9NTvcT6kUeFphEuK03OtGi/m4+W4meql8cS8ebe31SUFvKp84AWbOT0vPNZNU
QqQ/6Yr9+vKMPJesW3O0kyUwIhth0okcOw9BNbBKNxK4EhXstbB1szjgrL4HKZi8
Ov4ozRAFEafjFHeyvDIZw4kk9ncj9UwEWX7ZrFzsfWwxZsRCIGBDdWFie/58rvhY
8a6YAdVpeL1QxiAhU4dQz4kISP6DgjV1eYPbkBfkD6Nx1mc5fwy3OOLqtq4tT1kL
rRlBE1gelEpvqIx7nrJ/+jFGoQQTxorSUvXzVs1TwkqnRh2ToDvH3cbhtCMdPUH2
mlskq+UbF92Ybd2uRG/h6pjJCvFNMJnB1gyAgWSrSzg/TeJiWTcaSKnTQ7WRQBxp
tIaGUVZMVDmwwmIXDWPLH/vrX8qIRnBC6bef6jIjGpAhzTHr5almYn6H5ujgyobd
aZaT1Df5kSEkhNPg2ET1+GMDaROy1ESan3NP9koRicaC75qkMvdQfmrZmnQ56byV
vc3jnEbO5yy7EnZ4mpOiAqvH4krBYnzy7FFN/Mi1wKW5kRbfBVxjwl4HNB8VOiyV
kJA8Ucy73q+ATNGzpJpg
=yrKv
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk