-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
I was looking at the Gitian descriptor for the pluggable transports at https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/gitia n/descriptors/windows/gitian-pluggable-transports.yml , and I noticed that it has an input file called "python.msi". Furthermore, I noticed the following line in https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/gitia n/versions :
PYTHON_MSI_URL=https://www.python.org/ftp/python/$%7BPYTHON_VER%7D/$%7BPYTHON_ MSI_PACKAGE}
- From this, I conclude that Python is not being built in Gitian, and the download from www.python.org is assumed to be safe / not backdoored. Is this correct?
If I'm correct, is there a reason that Python is not being built in Gitian? Was it attempted and found that Python cannot easily be built for Windows in Gitian? Or was it not attempted and just still on the to-do list? I don't see any relevant ticket on Trac.
Thanks, - -Jeremy Rand