I don't really know what reproducible builds prove. That the build server wasn't compromised? If Signal were malicious, they could just add a bugdoor, so you still have to trust them not to be malicious.
Maybe, but you *have* to trust the vendor anyway, and if you don't trust them to tell the truth that they're checking the build server, then you can't trust them not to insert bugdoors... right? 
-
So are you advocating for all software companies to hack their build infra...?
-
Looks like I'm having some trouble understanding today. I think supply chain attacks are the most effective (i.e. hack the world) and reproducible builds + m of N signatures are a good defense tool.
-
You always trust, but instead of blind trust or trusting a single system, you can trust independent entities with different incentives. You can trust a vendor but at the same time have a process to make it harder for a malicious member to insert a backdoor.
-
I don't know what checking the build server means. You can't demonstrate a server is not compromised, but you can verify independent systems produce the same output from the same input... somehow