{{mbox
| image   = [[File:Ambox_warning_pn.svg.png|40px|alt=verifiable builds warning icon]]
| text    =
Warning:

Deprecated. A dedicated [[Contribute#Contributor|contributor]] is required.
}} {{project_name_short}} previously had a feature which allows the community to check that {{project_name_short}} {{Code2|.ova}} <ref>https://en.wikipedia.org/wiki/Open_Virtualization_Format</ref> releases are verifiably created from the project's own source code - verifiable builds. <ref>This feature only adds security if people actually use it. Do not assume that someone else will do it for you</ref> This only proves that the person and machine <ref>Due to build machine compromise.</ref> building {{project_name_short}} have not added anything malicious, such as a backdoor. <ref>https://en.wikipedia.org/wiki/Backdoor_(computing)</ref> It does not prove there are no backdoors present in Debian. This is not possible, because neither Debian <ref>Whonix is based on Debian.</ref> nor any other operating system provides deterministic builds yet. <ref>Some Debian developers are steadily working on this long-term project, see: [https://wiki.debian.org/ReproducibleBuilds Reproducible Builds].</ref>

This feature does not attempt to prove there are not any vulnerabilities present <ref>https://en.wikipedia.org/wiki/Vulnerability_(computing)</ref> in {{project_name_short}} or Debian. Fatal outcomes are still possible via a remotely exploitable <ref>https://en.wikipedia.org/wiki/Exploit_(computer_security)</ref> bug in {{project_name_short}} or Debian, a flaw in Whonix's firewall which leaks traffic, or code {{Code2|phoning home}} <ref>https://en.wikipedia.org/wiki/Phoning_home</ref> the contents of the HDD/SSD. Community effort is a precondition to improved security with this feature, particularly auditing of {{project_name_short}} and Debian source code to check for possible backdoors and vulnerabilities.

In summary, this feature is useful and potentially improves security, but it is not a magical solution for all computer security and trust issues. The following table helps to explain what this feature can achieve.

'''Table:''' ''Verifiable Builds Comparison''

{{Verifiable_Builds_Comparsion_Table}}

Some readers might be curious why {{project_name_short}} was previously verifiable, while Debian and other distributions are not. In short, this is because [[About#Based_on_Debian|Whonix is uncomplicated]] by comparison. In simple terms, {{project_name_short}} is a collection of configuration files and scripts, and the source code does not contain any compiled code and so on. In contrast, Debian is a full operating system, without which {{project_name_short}} would not exist. <ref>Whonix relies on the tireless efforts of Debian and other upstream projects.</ref>

This feature was first made available in {{project_name_short}} 8. Only users who download a new image can profit from this feature. <ref>Because in order to implement the verifiable builds feature, a lot of non-deterministic, auto-generated files are removed at the end of the build process and re-created during first boot.</ref> It is not possible to audit versions older than {{project_name_short}} 8 with this script. <ref>It is not actually impossible, but it would require significant effort.</ref>