Skip to content

Commit

Permalink
docs/guides/reproducible-build-verification.md: review fixes
Browse files Browse the repository at this point in the history 
Signed-off-by: Filip Lewiński <[email protected]>
  • Loading branch information
@filipleple @mkopec
filipleple authored and mkopec committed Oct 31, 2024
1 parent e8491dd commit d3b86b4
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions docs/guides/reproducible-build-verification.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,15 +7,15 @@ code. This ensures that no tampering, such as inserting malicious code during
the build process, has occurred.

The most obvious and undisputable way of verifying build reproduction is
comparing `sha256` or `md5` hashes of two given binaries. There are, however,
corner cases where this is not an ideal approach - such as when the same
binary is signed with a different key.
comparing the hashes of two given binaries. There are, however, corner cases
where this is not an ideal approach - such as when the same binary is signed
with a different key.

## Romscope

To provide a more comprehensive way of comparing two Dasharo binaries which
are supposed to have been built from the same source, we have developed
[romscope](https://github.com/Dasharo/romscope).
To compare two binaries that were built from the same source but contain
[embedded signatures](https://reproducible-builds.org/docs/embedded-signatures/)
, we have developed [romscope](https://github.com/Dasharo/romscope).

### Basic verification

Expand Down

0 comments on commit d3b86b4

Please sign in to comment.