Why are reproducible builds only on one platform (Android)? Desktop version could have a built-in backdoor and data would be transferred not from the phone, but from the PC)
Why are reproducible builds only on one platform (Android)? Desktop version could have a built-in backdoor and data would be transferred not from the phone, but from the PC)
More like guesswork/assumptions than reality. I agree that Electron is meh. But I think it could still be done, f.e. with docker container as it is on Android.
Sorry to be blunt, but you’re not a developer and it shows. Android’s build system was purpose made to be reproducible. Electron was not.
There is so much going on in an Electron build, most of which is out of Signal’s control unless they maintain an entire fork of the Electron build stack. That is an enormous engineering effort for basically zero benefit.
It probably is functionally reproducible, apart from checksums differing due to build dates baked into the artifacts somewhere. It’s not as easy as you think.
If you think it’s as easy as “building it in a Docker container,” then by all means, try.
I will not enter into disputes because… not too tech savvy. But I’m still sure that it could be realized. They just decided not to bother.