Suggestion: reproducible builds for Brave #6728

hugecheese · 2019-11-02T05:02:35Z

I believe this would greatly improve the security of the Brave Browser. The majority of users will simply use Brave from a binary blob downloaded from the web. There is no way to independently verify that the release has not been tampered with relative to the source code on GitHub.

It would be great if the following were possible:

git checkout 79.0.3945.16
npm run build Release
wget <binary blob url>
# the hash of brave's blob and the local build are verifiably the same

bsclifton · 2019-12-02T19:09:58Z

Definitely something we want - I know @mbacchi had heard about a way to do deterministic builds for Chromium (don't remember the details, unfortunately)

brianddk · 2020-04-09T05:34:33Z

I know @mbacchi had heard about a way to do deterministic builds for Chromium (don't remember the details, unfortunately)

Perhaps a reference to issue #5830

bsclifton added build dev-concern labels Dec 2, 2019

rebron added the priority/P5 label Dec 20, 2019

mbacchi added this to Untriaged Backlog in User Requests / Install Improvements via automation Apr 9, 2020

brave / brave-browser

Suggestion: reproducible builds for Brave #6728

Suggestion: reproducible builds for Brave #6728

hugecheese commented Nov 2, 2019 •

edited

bsclifton commented Dec 2, 2019

brianddk commented Apr 9, 2020

brave / brave-browser

Join GitHub today

Suggestion: reproducible builds for Brave #6728

Suggestion: reproducible builds for Brave #6728

Comments

hugecheese commented Nov 2, 2019 • edited

bsclifton commented Dec 2, 2019

brianddk commented Apr 9, 2020

hugecheese commented Nov 2, 2019 •

edited