Let's talk about Reproducible Builds for Hardware Wallets firmware.

Verifiable Source wallets let you inspect code for flaws, but pre-compiled software lacks a way to verify if it matches the source. Reproducible builds ensure that anyone can recreate identical copies from source code, build environment, and instructions. That's why it is important for all wallet users to learn how to build the firmware and verify it before upgrading their wallets.

If not possible for you, at least see if there are proofs of others doing that verification. One good place to find those proofs is https://bitcoinbinary.org

This week on Twitter & Nostr nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 encouraged people to learn how to verify builds. This was a success: a lot of people were able to learn how to build and verify the Coldcard firmware.

From http://thebitcoinhole.com we want to also collaborate. So, we added a new section "Reproducible Builds" on our website. There you can find for each wallet if they offer reproducible builds instructions and if there are proofs of verification on http://bitcoinbinary.org

We encourage all the hardware wallet manufacturers (or anyone interested) to collaborate and automate proofs of verifications on http://bitcoinbinary.org.

According to our research: nostr:npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n Jade, Coldcard, nostr:npub1tg779rlap8t4qm8lpgn89k7mr7pkxpaulupp0nq5faywr8h28llsj3cxmt, nostr:npub1s0vtkgej33n7ec4d7ycxmwt78up8hpfa30d0yfksrshq7t82mchqynpq6j Passport Batch 2, Trezor, KeepKey, nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl, and Specter DIY offer reproducible builds instructions and/or proofs of verification.

Please help us with a boost. And remember: #LearnToBuild #donttrustverify

Discussion

Just as an FYI ours are still experimental, but they should be coming to a release soon. 🙂