[cryptography] Reply to Zooko (in Markdown)

Bryan Bishop kanzure at gmail.com
Sat Aug 17 03:49:01 EDT 2013


On Sat, Aug 17, 2013 at 1:04 AM, Jon Callas <jon at callas.org> wrote:

> It's very hard, even with controlled releases, to get an exact
> byte-for-byte recompile of an app. Some compilers make this impossible
> because they randomize the branch prediction and other parts of code
> generation. Even when the compiler isn't making it literally impossible,
> without an exact copy of the exact tool chain with the same linkers,
> libraries, and system, the code won't be byte-for-byte the same. Worst of
> all, smart development shops use the *oldest* possible tool chain, not the
> newest one because tool sets are designed for forwards-compatibility (apps
> built with old tools run on the newest OS) rather than
> backwards-compatibility (apps built with the new tools run on older OSes).
> Code reliability almost requires using tool chains that are trailing-edge.


Would providing (signed) build vm images solve the problem of distributing
your toolchain?

- Bryan
http://heybryan.org/
1 512-203-0507
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130817/5e1c791c/attachment.html>


More information about the cryptography mailing list