7 Mar
2016
7 Mar
'16
4:11 p.m.
Hi,
Holger Levsen: https://reproducible-builds.org and https://reproducible.debian.net
Thanks!
Nathan Freitas: https://f-droid.org/wiki/page/Deterministic,_Reproducible_Builds
Thanks!
However, even though reproducible-builds seems to address the manual install as well, which is good, I read the problem as being the actual backdoor of auto-update.
Since my Dad will not be able to make this verification, removing auto-update from the package is the only real resolution here.
Besides, given the broken/missing auto-update opt-out in packages like OrFox, it is difficult to trust the developers, since it is the user who defines "malicious".
Wordlife, Spencer