> [src's] included on the
> installation medium for reproducibility

Wherever the src.tgz is, it should not be considered to be an
unbreakable, reproducible, bitwise-duplicate, authentic or
traceable copy of any repo, since there is no provable cryptographic
chain back to the same, only assertions over the breaking points,
which can and do fail in various ways.
Distributed, cloneable, distributable repos based on crypto are
needed to do that, perhaps such as Monotone, or at least
sign Git's init hash.

https://monotone.ca/
https://git-scm.com/

> announce.asc file is only created for the final RELEASE build

Yes, as those are nice milestones :)
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
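The chain the post above is asking for, as an added example (not code from the post, the FreeBSD project or git itself): git's own content addressing is a SHA-1 hash chain from every release commit back to the initial commit, so if the init hash is signed out of band, the whole history down to each file's bytes is bound to that one trust anchor, while a src.tgz sits outside the chain until its tree hash is recomputed and compared. The example re-implements git's blob, tree and commit object hashing with hashlib only (flat trees, fixed author/committer, and a constructed two-commit history are assumptions for the demo); the signature itself is not performed, the signed init hash is simply modelled as the pinned value trusted_root, and the blob and empty-tree ids it produces are the real ones git would.

```python
import hashlib
from typing import Dict, Optional, Tuple


def git_hash(kind: str, payload: bytes) -> str:
    """SHA-1 over '<kind> <len>\\0<payload>', the framing git hash-object uses."""
    header = f"{kind} {len(payload)}\0".encode()
    return hashlib.sha1(header + payload).hexdigest()


def blob_id(content: bytes) -> str:
    return git_hash("blob", content)


def tree_id(files: Dict[str, bytes]) -> str:
    """Flat tree (regular files, no subdirectories): entries sorted by name,
    each stored as '<mode> <name>\\0<20 raw SHA-1 bytes>'."""
    body = b""
    for name in sorted(files):
        body += b"100644 " + name.encode() + b"\0" + bytes.fromhex(blob_id(files[name]))
    return git_hash("tree", body)


def commit_id(tree: str, parent: Optional[str], message: str) -> str:
    """Commit object; the identity/timestamp is constructed and fixed so ids are deterministic."""
    ident = "Release Bot <release@example.invalid> 1700000000 +0000"
    lines = [f"tree {tree}"]
    if parent is not None:
        lines.append(f"parent {parent}")
    lines += [f"author {ident}", f"committer {ident}", "", message]
    return git_hash("commit", ("\n".join(lines) + "\n").encode())


class Repo:
    """Minimal object store: commit id -> (tree id, parent id, message); tree id -> files."""

    def __init__(self) -> None:
        self.commits: Dict[str, Tuple[str, Optional[str], str]] = {}
        self.trees: Dict[str, Dict[str, bytes]] = {}

    def commit(self, files: Dict[str, bytes], parent: Optional[str], message: str) -> str:
        tree = tree_id(files)
        self.trees[tree] = dict(files)
        cid = commit_id(tree, parent, message)
        self.commits[cid] = (tree, parent, message)
        return cid


def verify_chain(repo: Repo, head: str, trusted_root: str) -> bool:
    """Walk parent links from head to the initial commit. Every commit and tree on
    the way must re-hash to the id it is stored under, and the walk must end at
    trusted_root, the pinned (out-of-band signed) init hash. Any change to a file,
    tree or commit in between alters a hash and breaks the chain."""
    seen = set()
    cur: Optional[str] = head
    while cur is not None:
        if cur in seen or cur not in repo.commits:
            return False
        seen.add(cur)
        tree, parent, message = repo.commits[cur]
        if commit_id(tree, parent, message) != cur:
            return False
        if tree not in repo.trees or tree_id(repo.trees[tree]) != tree:
            return False
        if parent is None:
            return cur == trusted_root
        cur = parent
    return False


def tarball_matches(repo: Repo, release: str, extracted: Dict[str, bytes]) -> bool:
    """A src.tgz is outside the chain; pull it back in by recomputing the tree id
    of its extracted contents and comparing with the tree the release commit names."""
    if release not in repo.commits:
        return False
    return tree_id(extracted) == repo.commits[release][0]


def demo() -> Dict[str, bool]:
    """Constructed two-commit history plus the checks a release consumer would run."""
    repo = Repo()
    root = repo.commit({"README": b"initial import\n"}, None, "Initial import")
    v1 = repo.commit({"README": b"initial import\n", "main.c": b"int main(void){return 0;}\n"},
                     root, "Release 1.0")
    trusted_root = root  # the value a signed init hash would let you pin

    results = {"chain_ok": verify_chain(repo, v1, trusted_root)}
    # A tarball built from the release tree matches; one altered byte does not.
    good_tgz = dict(repo.trees[repo.commits[v1][0]])
    bad_tgz = dict(good_tgz, **{"main.c": b"int main(void){return 1;}\n"})
    results["tarball_ok"] = tarball_matches(repo, v1, good_tgz)
    results["tampered_tarball_ok"] = tarball_matches(repo, v1, bad_tgz)
    # Editing a stored file behind the hashes is caught when the chain is re-walked.
    repo.trees[repo.commits[v1][0]]["main.c"] = b"int main(void){return 1;}\n"
    results["chain_ok_after_tamper"] = verify_chain(repo, v1, trusted_root)
    # A history with a different initial commit is rejected, however well-formed.
    other = Repo()
    other_root = other.commit({"README": b"not the project\n"}, None, "Initial import")
    other_v1 = other.commit({"README": b"not the project\n"}, other_root, "Release 1.0")
    results["foreign_root_ok"] = verify_chain(other, other_v1, trusted_root)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The chain only says what you pinned it to: without an out-of-band signature over the initial commit (and over each release tag) an attacker who controls the mirror can re-root the history, which is exactly the "foreign root" case the walk rejects only because trusted_root was fixed beforehand. Real git trees nest subdirectories and use modes other than 100644, so this flat reconstruction is a model of the hashing, not a replacement for git fsck or git verify-commit.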