From d3b86b4be589ebd4d9a4d8862b6116737fdf682d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Lewi=C5=84ski?= Date: Mon, 28 Oct 2024 17:16:07 +0100 Subject: [PATCH] docs/guides/reproducible-build-verification.md: review fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Lewiński --- docs/guides/reproducible-build-verification.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/guides/reproducible-build-verification.md b/docs/guides/reproducible-build-verification.md index 6476506366..28cd042143 100644 --- a/docs/guides/reproducible-build-verification.md +++ b/docs/guides/reproducible-build-verification.md @@ -7,15 +7,15 @@ code. This ensures that no tampering, such as inserting malicious code during the build process, has occurred. The most obvious and undisputable way of verifying build reproduction is -comparing `sha256` or `md5` hashes of two given binaries. There are, however, -corner cases where this is not an ideal approach - such as when the same -binary is signed with a different key. +comparing the hashes of two given binaries. There are, however, corner cases +where this is not an ideal approach - such as when the same binary is signed +with a different key. ## Romscope -To provide a more comprehensive way of comparing two Dasharo binaries which -are supposed to have been built from the same source, we have developed -[romscope](https://github.com/Dasharo/romscope). +To compare two binaries that were built from the same source but contain +[embedded signatures](https://reproducible-builds.org/docs/embedded-signatures/) +, we have developed [romscope](https://github.com/Dasharo/romscope). ### Basic verification
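Review bot: In the first changed paragraph, "comparing the hashes of two given binaries" no longer names any algorithm, so the guide gives the reader no steer on which hash is acceptable for a tamper check. Dropping `md5` is right, since it is not collision resistant, but I would keep the explicit recommendation, e.g. "comparing the `sha256` hashes of two given binaries". In the Romscope paragraph, the line break after the `[embedded signatures](...)` link leaves the next line starting with ", we have developed", which renders with a stray space before the comma; move the comma to the end of the link line. The rewritten sentence also drops "Dasharo" and narrows the stated purpose to binaries with embedded signatures, so please confirm that this narrower scope is intended.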