My version of this question: what's the new hotness in protecting against any malicious dynamic code changes (including auto-updated code, which of course is a baseline security practice now), on any platform? E.g. is anyone really verifying Signal's reproducible builds...?
-
Let's say the vendor is malicious, so they hide a bugdoor in the code and sign it. You don't trust code signatures for some reason though, and demand a reproducible build.... so what? You now have a reproducible bugdoor. If you do catch them, "oops", and there's zero penalty.

-
You can make an update system where independent entities reproduce a build and sign and then you check m of N signatures of m trusted by you instead of trusting SSL/TLS CAs.
-
Of course that makes total sense. Various code signing entities have already had a problem with that. Spoofing, misplacing, mis-signing, etc. is a valid problem. In a happy world, the signature would be detached and combined with reproducible builds. We're not there, yet.
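
The m-of-N check proposed earlier in the thread, as an added sketch that is not code from any participant or project: the client accepts an update only when at least m distinct rebuilders it trusts have signed the digest of the exact bytes it downloaded. HMAC-SHA256 stands in for a real public-key signature (such as Ed25519) so the block runs on the standard library alone; the rebuilder names, keys and artifact bytes are constructed.

```python
import hashlib
import hmac

# Constructed trust store. With real signatures the client would hold only
# public keys; HMAC is a stand-in and forces shared secrets here.
TRUSTED = {"rebuilder-a": b"key-a", "rebuilder-b": b"key-b", "rebuilder-c": b"key-c"}


def _sign(name, key, digest):
    # Bind the signer's name to the digest so a tag cannot be re-attributed.
    return hmac.new(key, f"{name}:{digest}".encode(), hashlib.sha256).hexdigest()


def attest(name, key, artifact):
    """Rebuilder side: sign the SHA-256 of the artifact it built from source."""
    digest = hashlib.sha256(artifact).hexdigest()
    return {"rebuilder": name, "digest": digest, "sig": _sign(name, key, digest)}


def accept_update(artifact, attestations, trusted, m):
    """Client side: (accepted, signers) for the bytes actually downloaded."""
    digest = hashlib.sha256(artifact).hexdigest()
    valid = set()  # a set, so one rebuilder repeated many times counts once
    for att in attestations:
        name = att.get("rebuilder")
        key = trusted.get(name)
        if key is None:
            continue  # signer is not in the client's own trust store
        if att.get("digest") != digest:
            continue  # rebuilder reproduced different bytes than were served
        if hmac.compare_digest(_sign(name, key, digest), str(att.get("sig", ""))):
            valid.add(name)
    return len(valid) >= m, sorted(valid)


if __name__ == "__main__":
    good = b"app-1.2.3 built from tagged source"  # constructed artifact
    served = good + b" plus unreviewed code"       # what a bad mirror ships
    atts = [attest(n, TRUSTED[n], good) for n in ("rebuilder-a", "rebuilder-b")]
    print(accept_update(good, atts, TRUSTED, 2))
    print(accept_update(served, atts, TRUSTED, 2))
```

The threshold only proves that the shipped binary matches what m independent parties built from the published source; it says nothing about what that source contains.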