Why Nostr? What is Njump?
2023-06-23 14:41:06

thebitcoinhole on Nostr: Let's talk about Reproducible Builds for Hardware Wallets firmware. Verifiable Source ...

Let's talk about Reproducible Builds for Hardware Wallets firmware.

Verifiable Source wallets let you inspect code for flaws, but pre-compiled software lacks a way to verify if it matches the source. Reproducible builds ensure that anyone can recreate identical copies from source code, build environment, and instructions. That's why is important for all wallet users to learn how to build the firmware and verify it before upgrading their wallets.
If not possible for you, at least see if there are proofs of others doing that verification. One good place to find those proofs is https://bitcoinbinary.org

This week on Twitter & Nostr encouraged people to learn how to verify builds. This was a success, a lot of people could learn how to build and verify the Coldcard firmware.

From http://thebitcoinhole.com we want to also collaborate. So, we added a new section "Reproducible Builds" on our website. There you can find for each wallet if they offer reproducible builds instructions and if there are proofs of verification on http://bitcoinbinary.org

We encourage all the hardware wallet manufacturers (or anyone interested) to collaborate and automate proofs of verifications on http://bitcoinbinary.org.

According to our research: Jade, Coldcard, , Passport Batch 2, Trezor, KeepKey, , and Specter DIY offers reproducible builds instructions and/or proofs of verification.

Please help us with a boost. And remember: #LearnToBuild #donttrustverify
Author Public Key
npub1mtd7s63xd85ykv09p7y8wvg754jpsfpplxknh5xr0pu938zf86fqygqxas