Let's talk about Reproducible Builds for Hardware Wallets firmware.
Verifiable Source wallets let you inspect code for flaws, but pre-compiled software lacks a way to verify if it matches the source. Reproducible builds ensure that anyone can recreate identical copies from source code, build environment, and instructions. That's why is important for all wallet users to learn how to build the firmware and verify it before upgrading their wallets.
If not possible for you, at least see if there are proofs of others doing that verification. One good place to find those proofs is https://bitcoinbinary.org
This week on Twitter & Nostr NVK (npub1az9…m8y8) encouraged people to learn how to verify builds. This was a success, a lot of people could learn how to build and verify the Coldcard firmware.
From http://thebitcoinhole.com we want to also collaborate. So, we added a new section "Reproducible Builds" on our website. There you can find for each wallet if they offer reproducible builds instructions and if there are proofs of verification on http://bitcoinbinary.org
We encourage all the hardware wallet manufacturers (or anyone interested) to collaborate and automate proofs of verifications on http://bitcoinbinary.org.
According to our research: Blockstream (npub1jg5…6n8n) Jade, Coldcard, BitBox (npub1tg7…cxmt), Foundation (npub1s0v…pq6j) Passport Batch 2, Trezor, KeepKey, SeedSigner (npub17ty…3mgl), and Specter DIY offers reproducible builds instructions and/or proofs of verification.
Please help us with a boost. And remember: #LearnToBuild #donttrustverify
thebitcoinhole / The Bitcoin Hole
npub1mt…gqxas
2023-06-23 14:41:06
Author Public Key
npub1mtd7s63xd85ykv09p7y8wvg754jpsfpplxknh5xr0pu938zf86fqygqxasPublished at
2023-06-23 14:41:06Event JSON
{
"id": "ce088b7345e1ffa646d899695648c416891a261a01a2cfae6adc0f853d94beb5",
"pubkey": "dadbe86a2669e84b31e50f8877311ea564182421f9ad3bd0c37878589c493e92",
"created_at": 1687531266,
"kind": 1,
"tags": [
[
"p",
"e88a691e98d9987c964521dff60025f60700378a4879180dcbbb4a5027850411",
"",
"mention"
],
[
"p",
"922945779f93fd0b3759f1157e3d9fa20f3fd24c4b8f2bcf520cacf649af776d",
"",
"mention"
],
[
"p",
"5a3de28ffd09d7506cff0a2672dbdb1f836307bcff0217cc144f48e19eea3fff",
"",
"mention"
],
[
"p",
"83d8bb23328c67ece2adf1306db97e3f027b853d8bdaf226d01c2e0f2ceade2e",
"",
"mention"
],
[
"p",
"f2c96c97f6419a538f84cf3fa72e2194605e1848096e6e5170cce5b76799d400",
"",
"mention"
],
[
"t",
"LearnToBuild"
],
[
"t",
"learntobuild"
],
[
"t",
"donttrustverify"
],
[
"t",
"donttrustverify"
],
[
"r",
"https://bitcoinbinary.org"
],
[
"r",
"http://thebitcoinhole.com"
],
[
"r",
"http://bitcoinbinary.org"
],
[
"r",
"http://bitcoinbinary.org."
]
],
"content": "Let's talk about Reproducible Builds for Hardware Wallets firmware. \n\nVerifiable Source wallets let you inspect code for flaws, but pre-compiled software lacks a way to verify if it matches the source. Reproducible builds ensure that anyone can recreate identical copies from source code, build environment, and instructions. That's why is important for all wallet users to learn how to build the firmware and verify it before upgrading their wallets. \nIf not possible for you, at least see if there are proofs of others doing that verification. One good place to find those proofs is https://bitcoinbinary.org\n\nThis week on Twitter \u0026 Nostr nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 encouraged people to learn how to verify builds. This was a success, a lot of people could learn how to build and verify the Coldcard firmware.\n\nFrom http://thebitcoinhole.com we want to also collaborate. So, we added a new section \"Reproducible Builds\" on our website. There you can find for each wallet if they offer reproducible builds instructions and if there are proofs of verification on http://bitcoinbinary.org \n\nWe encourage all the hardware wallet manufacturers (or anyone interested) to collaborate and automate proofs of verifications on http://bitcoinbinary.org.\n\nAccording to our research: nostr:npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n Jade, Coldcard, nostr:npub1tg779rlap8t4qm8lpgn89k7mr7pkxpaulupp0nq5faywr8h28llsj3cxmt, nostr:npub1s0vtkgej33n7ec4d7ycxmwt78up8hpfa30d0yfksrshq7t82mchqynpq6j Passport Batch 2, Trezor, KeepKey, nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl, and Specter DIY offers reproducible builds instructions and/or proofs of verification.\n\nPlease help us with a boost. And remember: #LearnToBuild #donttrustverify",
"sig": "ee7ca388ea5edc1c858923923fb3b110d62d0ed4682676b9cbc880edc91d419a6383c432f85021b8507fe9788e50ecaf52667448705b16348214f1cd90ce5502"
}