Gitian is a secure, source-control-oriented software distribution method. This means you can download trusted binaries that are verified by multiple builders.
Gitian uses a deterministic build process to allow multiple builders to create identical binaries. This allows multiple parties to sign the resulting binaries, guaranteeing that the binaries and tool chain were not tampered with and that the same source was used. It removes the build and distribution process as a single point of failure.
Getting Started with VM-based Builds
Use the Gitian Builder to build your package in a QEMU-based virtual machine. You can then compare binaries with other builders, and sign the result. I am working on a downloader that verifies multiple builder signatures.
Getting Started with RubyGems
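The comparison step described above can be sketched as a quorum check. This is an added example, not Gitian's own code: the sha256sum-style manifest format, the builder names, the file name and the policy of rejecting on any disagreement are assumptions, and each manifest's signature is assumed to have been verified already.

```ruby
require 'digest'

# Parse a sha256sum-style manifest ("<sha256 hex>  <file name>" per line)
# into { file name => digest }. Malformed or duplicate lines raise.
def parse_manifest(text)
  text.each_line.with_object({}) do |line, files|
    line = line.strip
    next if line.empty?
    m = /\A([0-9a-f]{64})\s+(\S.*)\z/.match(line)
    raise ArgumentError, "bad manifest line: #{line.inspect}" unless m
    raise ArgumentError, "duplicate entry: #{m[2]}" if files.key?(m[2])
    files[m[2]] = m[1]
  end
end

# Group builder names by the digest each one reports for `file`.
def tally(manifests, file)
  manifests.each_with_object(Hash.new { |h, k| h[k] = [] }) do |(builder, text), votes|
    digest = parse_manifest(text)[file]
    votes[digest] << builder if digest
  end
end

# Accept the download only if at least `threshold` builders report the file,
# all of them report the same digest, and the local bytes hash to it.
def verify_artifact(bytes, file, manifests, threshold:)
  votes = tally(manifests, file)
  return [:rejected, 'builders disagree'] if votes.size > 1
  digest, builders = votes.first
  return [:rejected, 'too few builders'] if builders.nil? || builders.size < threshold
  return [:rejected, 'download mismatch'] unless Digest::SHA256.hexdigest(bytes) == digest
  [:ok, builders.sort]
end

# Constructed sample data: three hypothetical builders and one artifact.
SAMPLE_FILE  = 'example-1.0.tar.gz'
SAMPLE_BYTES = "constructed release payload\n"
def sample_manifests(overrides = {})
  good = Digest::SHA256.hexdigest(SAMPLE_BYTES)
  %w[alice bob carol].to_h do |b|
    [b, "#{overrides.fetch(b, good)}  #{SAMPLE_FILE}\n"]
  end
end

if __FILE__ == $PROGRAM_NAME
  p verify_artifact(SAMPLE_BYTES, SAMPLE_FILE, sample_manifests, threshold: 2)
end
```

A single dissenting builder causes rejection rather than being outvoted, since with a deterministic build any mismatch points to a non-reproducible step or a tampered build environment and is worth investigating.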
See the How To page for using the Gitian RubyGems repository.
- A group of builders is much more trustworthy than just one
- Get people away from downloading untrusted binaries
- Create a secure and easy to use software upgrade process
Source for the VM-based build tools is on GitHub.
RubyGems distribution source can be cloned from Gitorious.