very useful for users wanting to verify bitcoin related binaries, Where do I document it?
1 Like
Bitcoin Core? Currently part of Bitcoin - Whonix but worthwhile yet to move it to its own wiki page?
Done. Added as ref
1 Like
Some of the builds on that site are not reproducible and not thoroughly verified.
In my opinion, it is good to have a compilation of reproducible binaries, but if nobody is auditing the build procedure, then it become a blind spot.
Bitcoin core is reproducible and extensive work was made with guix sigs, so linking to this procedure The `bitcoin-core/guix.sigs` Repository Workflow · GitHub after building with bitcoin/release-process.md at master · bitcoin/bitcoin · GitHub seems more appropriate than a central hub of builds that are not verified by other sources if they are reproducible or not.
One example is Sparrow wallet, which is listed on the site of the first post but it is not reproducible building from source - deterministic build, differences in modules · Issue #192 · sparrowwallet/sparrow · GitHub
If you watch the video from the reproducible build, that was made by the same person here building from source - deterministic build, differences in modules · Issue #192 · sparrowwallet/sparrow · GitHub
you will notice that the entire folder is not compared, only a single file. If comparing the whole folder, which has more binaries, there would be a diff from the released binaries and the built ones.
In short:
Bitcoin Core is reproducible but linking to bitcoinbinary(dot)org, is unfortunate, as the process of submitting new software to that page is not investigated, it is just accepted.
2 Likes
Thanks for letting us know. @Patrick I made a corrected note about bitcoinbinaryorg on Bitcoin Core - Whonix as a warning rather than remove it to let users know what @nyxnor said.
2 Likes