Creating reproducible builds to verify Free Software
- by mikkykkat
Free Software is about freedom and privacy. Open Source software is great, but making that fully practical usually won't happen. Most Free Software developers publicize binaries that we can't verify are really compiled from the source code or have something bad injected already!
We have the freedom to change the code, but privacy for ordinary users is missing. For desktop software there are a lot of languages and opportunities to create Free Software with a reproducible build process (compiling source code to always produce the exact same binary), but for mobile computing I don't know if the same thing is possible or not. Mobile devices are probably the future of computing, and Android is the only Open Source environment so far, which accepts Java for coding.
Compiling the same Android application won't result in the exact same binary every time. For Open Source Android apps, how can we verify the produced binary (.apk) is really compiled from the source code? Is there any way to create reproducible builds from the Android SDK, or does Java fail here for Free Software? Is there any Java software ever written with a reproducible build?