
Toward a fully reproducible Debian

Posted Jun 15, 2018 21:30 UTC (Fri) by josh (subscriber, #17465)
Parent article: Toward a fully reproducible Debian

> security packages with signing keys such as secure boot

For this case, the binary being signed should still be 100% reproducible, and the signature should be in a verifiable format using a documented public key.


Toward a fully reproducible Debian

Posted Jun 15, 2018 21:36 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

Not if you use something like an HSM to store the private key.

Toward a fully reproducible Debian

Posted Jun 15, 2018 21:41 UTC (Fri) by josh (subscriber, #17465) [Link]

You can and should still provide the corresponding public key, and document the signature format, so that people can verify the signature themselves as well as verifying that the rest of the binary is 100% reproducible aside from the signature.
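
The check discussed in the comments above, as an added example that is not part of any comment or of Debian's tooling: for a PE/COFF image of the kind used with UEFI Secure Boot, drop the attribute certificate table, zero the header fields that signing may change, and compare digests with a local rebuild. The helper names, the constructed sample image and the assumption that the signer zero-pads the file to an 8-byte boundary are illustrative.

```python
import hashlib
import struct

CERT_DIR_INDEX = 4  # data-directory slot of the attribute certificate table

def _offsets(pe: bytes):
    """Return file offsets of the CheckSum field and the certificate-table entry."""
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = pe_off + 24                      # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):        # PE32 / PE32+
        raise ValueError("unknown optional header")
    dirs = opt + (96 if magic == 0x10B else 112)
    return opt + 64, dirs + 8 * CERT_DIR_INDEX

def normalise(pe: bytes) -> bytes:
    """Drop the signature blob and the header fields that signing changes."""
    checksum_off, cert_entry = _offsets(pe)
    cert_off, cert_size = struct.unpack_from("<II", pe, cert_entry)
    out = bytearray(pe)
    if cert_size:
        if cert_off + cert_size != len(pe):
            raise ValueError("certificate table is not at end of file")
        del out[cert_off:]
    out[cert_entry:cert_entry + 8] = bytes(8)
    out[checksum_off:checksum_off + 4] = bytes(4)
    out += bytes(-len(out) % 8)            # assumption: signer zero-pads to 8 bytes
    return bytes(out)

def reproducible_digest(pe: bytes) -> str:
    return hashlib.sha256(normalise(pe)).hexdigest()

def _demo_image(payload: bytes) -> bytes:
    """Constructed minimal PE32+ header followed by payload (not a loadable binary)."""
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x80 + 24, 0x20B)
    return bytes(hdr) + payload

def _demo_sign(pe: bytes, blob: bytes) -> bytes:
    """Constructed stand-in for a signer: pad, append blob, record it in the header."""
    out = bytearray(pe + bytes(-len(pe) % 8))
    struct.pack_into("<II", out, _offsets(pe)[1], len(out), len(blob))
    return bytes(out + blob)
```

A matching digest shows only that the distributed binary equals the rebuild apart from the signature; the signature itself is still verified separately against the published public key.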
