Skip to content
All posts
2026-05-28

Why we ship reproducible builds

Most apps ask you to trust two things at once: that the developer is honest, and that the binary in the store is the one they compiled. Code signing only covers the first. It says nothing about whether the build server was compromised, or whether a backdoor was slipped in after review.

A reproducible build closes that gap. Given the same source at a tagged commit and a pinned toolchain, anyone can produce a byte-for-byte identical artifact — and therefore an identical SHA-256. If your hash matches ours, the binary is the source. If it doesn't, you stop.

Blink publishes a hash for every artifact and a script that reproduces it. You don't have to trust our infrastructure. You have to trust the math, which is the only thing in this stack that can't be subpoenaed.