Right, but you're saying "they might be breaking the law, and if they provide a reproducible build, we can check if they're breaking the law and sue them....." so, if they are breaking the law, why would they do that?
-
-
Replying to @taviso @matthew_d_green and
No. I'm saying that you can check that there's not new vendor-induced bug surface outside the patch set and limit the scope of what needs audit to the patch set.
1 reply 0 retweets 4 likes -
Replying to @RichFelker @matthew_d_green and
I deleted my last tweet, I think I misunderstood. I think you're saying there are code quality benefits to making your build reproducible, and you want developers to be better. OK, but you're mixing in security claims, I only really object to claims it prevents backdoors.
1 reply 0 retweets 3 likes -
Replying to @taviso @matthew_d_green and
Not just code quality but, when the product is derived from FOSS and you don't have reason to believe the vendor has ability to upstream bugdoors into the FOSS, significant benefits to the practicality of audit for bugdoors and unintentional added vulns.
2 replies 0 retweets 2 likes -
Replying to @RichFelker @matthew_d_green and
Sure, and I want a pony. Nobody is going to buy me one though, so why discuss it?
6 replies 0 retweets 12 likes -
Replying to @taviso @RichFelker and
Having not read the rest of the thread, I *am* tempted to buy you a pony, just to force you into discussing something that you don't want to discuss (I haven't even read what it is ;)
2 replies 3 retweets 40 likes -
-
Replying to @matthew_d_green @halvarflake and
I'm raising money for Buy a Pony for Tavis. Click to Donate https://www.gofundme.com/f/buy-a-pony-for-tavis?utm_source=twitter&utm_medium=social&utm_campaign=p_cf+share-flow-1 …
9 replies 21 retweets 84 likes -
-
I spent all my money on political horses