On Wed, Dec 14, 2022 at 11:00:49PM +0000, jerem...@pdp10.guru wrote: > But for the people who do choose to trust binaries, reproducible builds > is the only option you have to check if the source and the binaries > correspond.
Yes, and in addition reproducible builds are also a way for people who do not know each other to agree that they are talking about the same thing. These strangers may have independently built a wrong or bad thing. But they can know they have built the same thing, and that is a very valuable starting point. Therefore reproducible builds are one important way of introducing scientific method to the world of software. > choosing to make our work reproducible and having a clear bootstrapping > path, is a way of showing we care about others. The above sentence stands alone and is excellent, highlighting that software harms people, and we want to reduce the harm because we care about the people. I found the rest of you analogy a little strained and approximate, but I'm going to adopt this sentence for my own use. Thanks :-) -- Dan Shearer d...@shearer.org