Why are reproducible builds only on one platform (Android)? The desktop version could have a built-in backdoor, and data would be transferred not from the phone but from the PC.

  • Skull giver@popplesburger.hilciferous.nl
    9 months ago

    NPM has version pins and every tool I know of is, or can be, deterministic. Code obfuscators often introduce randomness but an open source app like this has no reason to be obfuscated in the first place.

    I’ve worked with JS for years and it’s not like reproducible builds are impossible. They’re not often done, because who even develops JS and cares about this type of thing, but it’s not like there’s an inherent limitation here.

    The only problem I can think of is transpilers inserting different line endings depending on the platform they’re run on, but if you use a Docker container for the build then there’s no good reason why that should be an issue.

    • FarLine99@lemm.eeOP
      9 months ago

      And I mean that too. The Reproducible Android build was done via Docker, so I think absolutely the same thing could be done here.
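The check both commenters are describing, as an added example that is not part of the thread or the project's own tooling: compare two builds of the same commit file by file and separate a line-ending-only mismatch (the transpiler issue mentioned above) from a real content difference. The function names and the sample bundles are hypothetical and constructed for illustration.

```javascript
const crypto = require('crypto');
const fs = require('fs');
const path = require('path');

// Read a build output directory into Map<relative path, Buffer>.
function readTree(root, dir = root, out = new Map()) {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) readTree(root, full, out);
    else if (entry.isFile()) {
      out.set(path.relative(root, full).split(path.sep).join('/'), fs.readFileSync(full));
    }
  }
  return out;
}

// Byte-preserving CRLF -> LF rewrite, used only to classify a mismatch.
const toLf = (buf) => Buffer.from(buf.toString('latin1').replace(/\r\n/g, '\n'), 'latin1');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

function compareBuilds(a, b) {
  const report = { identical: [], eolOnly: [], different: [], missing: [] };
  const names = [...new Set([...a.keys(), ...b.keys()])].sort();
  for (const name of names) {
    const x = a.get(name);
    const y = b.get(name);
    if (x === undefined || y === undefined) report.missing.push(name);
    else if (sha256(x) === sha256(y)) report.identical.push(name);
    else if (toLf(x).equals(toLf(y))) report.eolOnly.push(name);
    else report.different.push(name);
  }
  // Reproducible means bit-for-bit: an EOL-only difference still fails.
  report.reproducible = report.identical.length === names.length;
  return report;
}

// Constructed sample: the same bundle as emitted on Linux and on Windows.
const linuxBuild = new Map([
  ['main.js', Buffer.from('const a = 1;\nstart(a);\n')],
  ['preload.js', Buffer.from('init();\n')],
]);
const windowsBuild = new Map([
  ['main.js', Buffer.from('const a = 1;\r\nstart(a);\r\n')],
  ['preload.js', Buffer.from('init();\n')],
]);

// With two directory arguments, compare real build outputs instead.
const useDirs = process.argv.length === 4;
console.log(useDirs
  ? compareBuilds(readTree(process.argv[2]), readTree(process.argv[3]))
  : compareBuilds(linuxBuild, windowsBuild));
```

An `eolOnly` entry points at the build environment rather than the source, which is the case a pinned container image removes.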