 I remember using that site to help understand and then finally choose Signal over WhatsApp... Nice to see you on the list, @simplex !
I read through the report and your threaded answers. Question: For the "Are reproducible builds used to verify apps against source code?", isn't your app fully open source, therefore that answer is a yes? 
 It is not the same. Build reproducibility means that every time you build the app from the source code you would get exactly the same result, identical byte by byte. It would allow independent parties to validate that the apps that we distribute via different channels are built from the source code we publish.

The problem is that achieving this quality requires that the build process is deterministic, and in the general case it is not:
- some libraries may embed timestamps during compilation.
- compilers may use random numbers for some identifiers.
- etc.

We plan to solve this problem, but it is much harder than it may seem. 
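
An added illustration of the two sources of non-determinism listed in the reply above (it is not part of the thread and not SimpleX's build code): a zip archive stands in for an app package, and `SOURCES`, `build` and the `BUILD_ID` entry are hypothetical names chosen for the example.

```python
import hashlib
import io
import uuid
import zipfile

# Constructed sample "source tree": path -> contents.
SOURCES = {"app/main.txt": b"print hello\n", "app/lib.txt": b"library code\n"}

def build(sources, build_time, deterministic=False):
    """Package sources into a zip archive, standing in for an app build.

    build_time is the build machine's clock as (Y, M, D, h, m, s).
    A non-deterministic build embeds it in every entry and adds a random
    build identifier; a deterministic build pins both.
    """
    if deterministic:
        stamp = (1980, 1, 1, 0, 0, 0)      # fixed timestamp, clock ignored
        h = hashlib.sha256()
        for name in sorted(sources):        # identifier derived from inputs
            h.update(name.encode() + b"\0" + sources[name])
        build_id = h.hexdigest()[:16]
    else:
        stamp = build_time                  # embedded timestamp
        build_id = uuid.uuid4().hex[:16]    # random identifier
    entries = {**sources, "BUILD_ID": build_id.encode()}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(entries):
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), entries[name])
    return buf.getvalue()

def digest(artifact):
    return hashlib.sha256(artifact).hexdigest()

def first_difference(a, b):
    """Offset of the first differing byte, or None if byte-identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

if __name__ == "__main__":
    t1, t2 = (2024, 1, 1, 12, 0, 0), (2024, 1, 2, 9, 30, 0)
    print("same source, normal builds match:       ",
          digest(build(SOURCES, t1)) == digest(build(SOURCES, t2)))
    print("same source, deterministic builds match:",
          digest(build(SOURCES, t1, True)) == digest(build(SOURCES, t2, True)))
```
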
 Nothing amazing is ever simple. Your work on this app is fantastic 🫶🏼