Conversation

This Tweet was deleted by the Tweet author. Learn more

I don't really know what reproducible builds prove, that the build server wasn't compromised? If Signal were malicious, they could just add a bugdoor, so you still have to trust them not to be malicious. 🤷🏻‍♂️

Replying to

Reproducible builds make most sense together with open source, of course. And it's of value even if nobody is constantly verifying the builds. Simply the point that they could mitigates the vector of a malicious builds server. Source level backdoors are certainly not addressed.

Replying to

You can prove the build server isn't compromised, but you can't prove you're not trying to hide a backdoor, right? So users still have to trust you, and you could get the same benefit from getting a third party to privately repro the build for you...

Replying to

I don't fully agree. It is still easier to hide a backdoor in (obfuscated) binary code than it is in (written-to-be-maintainable) source code. Config should ideally be included. And there are other code quality benefits of reproducible builds besides security (testing, deltas).

Replying to

What have I done by disagreeing with

@taviso

? (Seriously, this is a very good centithread, and there are not many that still make sense beyond a 100 replies 🤔)

GIF

Replying to

I think people generally agree now that reproducible builds don't prevent backdoors. That's good, but now they want to argue for other fuzzier benefits, so it's harder to follow that!

Replying to

Oh, I never thought they _prevented_ backdoors, only that some of the easier vectors for introducing them are being mitigated. And that seems a good thing, especially in combination with my strong suspicion (only anecdata, though) that it helps code (or at least build) quality.

Replying to

And since I can't see any real harm with reproducible builds (besides the work it takes to set up in the first place) - i.e. no runtime overhead etc - I don't see the usual discussion of cost of mitigation measures to factor in much in this debate. So, why not build reproducibly?

Replying to

The auditing / trust benefits are largely theoretical, esp. outside tiny projects... but reproducible builds are very useful nonetheless. Regularly helps me debug problems, analyze the impact of changes and even figure how to build things properly. Bonus: smaller delta updates.

10:24 PM · May 23, 2020Twitter Web App

Replying to

Let's not drift from the core discussion, maybe homeopathic remedies have the benefit of the placebo effect, but they don't cure disease. Do reproducible builds mean you don't need to trust the vendor, or eliminate backdoors? The answer is no, agreed?

Replying to

The theoretical benefits of reproducible builds are based on the theoretical benefits of open source. I don't think reality matches anything close to the hype. I don't think either does much to avoid trust in vendors/developers. I think both help making software better though.

Show replies