https://bugzilla.redhat.com/show_bug.cgi?id=1020292



--- Comment #41 from Warren Togami <wtog...@gmail.com> ---
Bitcoin is now getting close to building a self-hosted, general purpose
deterministic toolchain.  This toolchain will eventually be buildable from any
Linux distro, and using it in a controlled manner will allow building binaries
that are bit-for-bit identical no matter what Linux system you built it upon. 
I think this is the highest level of assurance we can realistically achieve in
guarding against potential compromise.

When this toolchain is ready we'll be able to separately package it in Fedora
and use it to build a Bitcoin RPM where the binary output could be identical to
binaries that we build elsewhere.  It could be compared to be similar in
concept to a cross-compilation toolchain.

Now it is a separate question if Fedora would allow special casing beyond the
normal packaging guidelines to allow for the use of such a different build
toolchain.

Another question is if Fedora will allow special casing to allow Bitcoin to
ship with its own statically linked copies of libraries that it maintains
internally.  This is the only way it can achieve bit-for-bit determinism.

https://fedoraproject.org/wiki/Chromium
Historically Chromium was not allowed into Fedora because it relied upon Google
maintained internal copies of libraries, but it seems this was allowed into
Fedora in August 2016.  Looking at the .spec it looks like Fedora must have
allowed it in as a special case, as it ships its own internal Google-maintained
libraries.  I wonder if they decided to just trust that the libraries
maintained by the vendor are well cared for.

So perhaps this is a good sign that Fedora may allow this crazy package to be
built in a way that is compatible with upstream's security concerns.
