# Gavin Andresen
# 2011-01-22 16:50:33
# https://bitcointalk.org/index.php?topic=2926.msg40424#msg40424

It is time to build and test a new version of bitcoin. @p{par}

In the past, Satoshi built the Windows and Linux releases, Laszlo built the Mac releases, and we trusted them not to put malware in them (or we compiled ourself from source). @p{par}

Satoshi is busy, and even if he wasn't he shouldn't be spending his time doing a job that a lot of the rest of us are capable of doing.  So we need a new process. @p{par}

Ideally, that process should be open and verifiably trustworthy.  So I'd like to propose that we do the following: @p{par}

1. For each platform, somebody creates a pristine, reproducible build environment, preferably as a virtual machine image that anybody can download, inspect, clone, run, etc. @p{par}

Anybody should be able to reproduce the build environment by running or following a script (e.g. "Install Ubuntu X.Y.Z.  apt-get the following versions of the following packages... etc").  @p{par}

2. A copy of that virtual machine is used to build/package the release. @p{par}

3. Anybody can audit the process by re-creating the build environment and ensuring that they end up with "identical" executables.  (where "identical" means compare the code in the executables, ignoring timestamps or other meta-info linkers put into executables @p{--} are there already tools to do that, or do we need to roll our own?). @p{par}

Feedback?  Suggestions for improvement, or are there better ways of creating 'trusted builds' ? @p{brk}