This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author steve.dower
Recipients brett.cannon, docs@python, ezio.melotti, ned.deily, paul.moore, phelix, r.david.murray, steve.dower, tim.golden, willingc, zach.ware
Date 2015-09-28.20:04:41
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1443470681.38.0.125675334572.issue25255@psf.upfronthosting.co.za>
In-reply-to
Content 
Having read your link [2] above (at least briefly), it seems the aim is to compare hashes of builds from multiple people to verify that nobody maliciously modified the binaries.

That isn't going to work for Windows because we cryptographically sign the binaries. The only people who could produce bit-for-bit identical builds are those trusted by the PSF, and not independent people. So if you don't trust the PSF and implicitly the people trusted by the PSF, you can't actually do anything besides building your own version and using that.

However, the rest of the build is so automated that other personal variations will not occur. As I mentioned above, I have exactly one batch file to build the full span of releases for Windows, and I just run that. It's public and in the repo, so anyone else can also run it, they just won't get bit-for-bit identical builds because of timestamps, embedded paths, and certificates.
History
Date User Action Args
2015-09-28 20:04:41steve.dowersetrecipients: + steve.dower, brett.cannon, paul.moore, tim.golden, ned.deily, ezio.melotti, r.david.murray, docs@python, zach.ware, willingc, phelix
2015-09-28 20:04:41steve.dowersetmessageid: <1443470681.38.0.125675334572.issue25255@psf.upfronthosting.co.za>
2015-09-28 20:04:41steve.dowerlinkissue25255 messages
2015-09-28 20:04:41steve.dowercreate