<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
</head>
<body>
<div name="messageBodySection" style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;">Hi,
<div>
<div><br />
<blockquote style="margin: 5px 5px; padding-left: 10px; border-left: thin solid #1abc9c;">Have you considered adding reproducible builds to Swift? If you compile the same code under the same conditions, you always get the same binary.</blockquote>
<br />
<div>I don’t honestly know if “reproducible builds” are part of ABI stability, but if you are interested in that, you can find more information in the <a href="https://swift.org/abi-stability/">Swift ABI Stability Dashboard</a>.</div>
<div><br /></div>
<div>
<blockquote type="cite" style="margin: 5px 5px; padding-left: 10px; border-left: thin solid #1abc9c;">This would be huge for open source, because people could *prove* that an app binary came from the code it's supposed to be coming from.</blockquote>
<br /></div>
<div>Considering the nature of open-source projects and that most of them are compiled by <i>users</i> (either manually or by a package manager) on <i>their own machines</i>, the environment and configuration may vary, so you won’t prove what you want to, based on your description.</div>
<div><br /></div>
<div>If you want to distribute pre-built binaries and are afraid of malicious modifications of them, you should use code signing. It is designed to prove that binaries have not been tampered with and came from a trusted, original source.</div>
</div>
</div>
</div>
<div name="messageSignatureSection" style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;"><br />
<div>——</div>
adrian kashivskyy</div>
<div name="messageReplySection" style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;"><br />
On 12 Jun 2017, 11:38 +0200, Tuur Anton via swift-evolution &lt;swift-evolution@swift.org&gt;, wrote:<br />
<blockquote type="cite" style="margin: 5px 5px; padding-left: 10px; border-left: thin solid #1abc9c;">Have you considered adding reproducible builds to Swift? If you compile the same code under the same conditions, you always get the same binary.
<div><br /></div>
<div><br /></div>
<div>This would be huge for open source, because people could *prove* that an app binary came from the code it's supposed to be coming from.</div>
<div><br /></div>
<div><br /></div>
<div>This should be possible to do. To get the same conditions, a VM (or just the same cleanly installed Mac) could be used. If the compiler adds a timestamp, an option to remove the timestamp could be added. Etc.</div>
<div><br /></div>
<div><br /></div>
<div>Bitcoin Core does this using Gitian: <a href="https://gitian.org" target="_blank" rel="noopener noreferrer">https://gitian.org</a></div>
<div><br /></div>
<div>Debian Linux is making progress: <a href="https://wiki.debian.org/ReproducibleBuilds" target="_blank" rel="noopener noreferrer">https://wiki.debian.org/ReproducibleBuilds</a></div>
</blockquote>
</div>
</body>
</html>