windows binary for gnupg 1.4.11 // compilation instructions posted
vedaal at nym.hush.com
vedaal at nym.hush.com
Fri Sep 16 20:49:09 CEST 2011
Johan Wevers johanw at vulcan.xs4all.nl
Fri Sep 16 20:28:52 CEST 2011 wrote:
>Why not also host a copy of the existing binary?
Because then who is to say that it wasn't tampered with?
The whole point is to start with gnupg.org signed and verified
material, and then let the user take it from there.
Although,
[and am over my head here, so please correct if wrong],
if there *could* be a way of providing instructions on compiling,
so that the resultant compiled file would always have the same
hash,
then it might make sense to host the compiled binary and the hash.
My understanding, (which may be outdated),
is that there are too many variations in individual user systems,
so that the compiled files would never have 'exactly' the same
hash independent of where they are compiled.
Is there any way to ensure that if the same source code and the
same compiler is used, that the resultant files have the same hash?
Thanks,
vedaal
More information about the Gnupg-users
mailing list