https://bugzilla.redhat.com/show_bug.cgi?id=1020292

--- Comment #41 from Warren Togami <wtogami@xxxxxxxxx> ---

Bitcoin is now getting close to building a self-hosted, general purpose deterministic toolchain. This toolchain will eventually be buildable from any Linux distro, and using it in a controlled manner will allow building binaries that are bit-for-bit identical no matter what Linux system you built it upon. I think this is the highest level of assurance we can realistically achieve in guarding against potential compromise.

When this toolchain is ready we'll be able to separately package it in Fedora and use it to build a Bitcoin RPM where the binary output could be identical to binaries that we build elsewhere. It could be compared to be similar in concept to a cross-compilation toolchain.

Now it is a separate question if Fedora would allow special casing beyond the normal packaging guidelines to allow for the use of such a different build toolchain.

Another question is if Fedora will allow special casing to allow Bitcoin to ship with its own static linked copies of libraries that it maintains internally. This is the only way it can achieve bit-for-bit determinism.

https://fedoraproject.org/wiki/Chromium

Historically Chromium was not allowed into Fedora because it relied upon Google maintained internal copies of libraries, but it seems this was allowed into Fedora August 2016. Looking at the .spec it looks like Fedora must have allowed it in as a special case, as it ships its own internal Google-maintained libraries. I wonder if they decided to just trust that the libraries maintained by the vendor are well cared for.

So perhaps this is a good sign that Fedora may allow this crazy package to be built in a way that is compatible with upstream's security concerns.