[tor-project] Questions about Tor reproducibility
Nicolas Vigier
boklm at mars-attacks.org
Mon Nov 22 10:33:54 UTC 2021
Hi Gunner!
On Sun, 21 Nov 2021, Allen Gunn wrote:
> Hello friends,
>
> Another project with which I and Aspiration do a lot of work is
> Reproducible Builds (https://reproducible-builds.org/)
>
> We are doing some communications and "amplification" on the Reproducible
> Builds team, and I'm wondering who in Tor has reproducibility on their
> plate, and might be good to talk to about Tor thinking on reproducibility?
>
> We are trying to identify things we might visualize as well as how you
> are thinking about RB these days?
We are still doing reproducible builds: for each Tor Browser release we
have two people from the team building and comparing the results of the
builds (and investigating and fixing the issue if it's not matching).
And this page has instructions for people who want to reproduce our
builds:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Hacking/Hacking#reproducing-an-existing-build
However checking that builds have been reproduced is still a manual
process. I think the next step would be to have more people building
Tor Browser, with some system to publish the results, and then having
the Tor Browser updater check before applying an update that it has been
built by multiple trusted builders. However since we are a small team
and already busy with many other things, this is not very high priority
at the moment.
Nicolas
More information about the tor-project
mailing list