pull down to refresh
25 sats \ 4 replies \ @rijndael 7 Aug 2022 \ on: Reproducible Build Proofs: Wallet Scrutiny and BitcoinBinary bitcoin
Just having a reproducible build doesn’t mean that it’s secure. That’s one of the things I don’t like about walletscrutiny. Their methodology for determining what to put a green label on and what to put a red label on is misleading at best.
There is a lot more to wallet security and trying to boil it all down to reproducible builds is actively harmful to the ecosystem.
Also iOS apps aren’t binary-reproducible, so there’s a whole thing…
Trusting Apple seems like a pretty bad idea anyway.
Reproducible builds at least guarantee the source makes the binary that is distributed.
Does walletscrutiny say something more than "we can build these and get the same hash as the one being distributed?"
reply
the problem is that you can't get the hash of an ios app on your phone.
reply
There is a lot more to wallet security and trying to boil it all down to reproducible builds is actively harmful to the ecosystem.
I disagree that Wallet Security is harmful to the ecosystem.
But to get further, there is the tragedy of the commons. Security audits on the code would help with that. Security audits are labor expensive. Who will pay for these security audits to vet the open source code on these wallets?
reply
There is a lot more to wallet security and trying to boil it all down to reproducible builds is actively harmful to the ecosystem.
It's the tragedy of the commons. Security audits on the code would help with that. Security audits are labor expensive. Who will pay for these security audits to vet the open source code on these wallets?
reply