What benefit does it offer? There's no penalty for making a bugdoor, so if you catch the vendor's bugdoor, they have to make a new one?
Replying to @taviso @matthew_d_green and
To be clear, source analysis is useful to catch non-malicious vendors who make a mistake. If you're trying to determine if a vendor *is* malicious, src analysis provides no benefit, because there is no penalty for hiding a bugdoor... so how do repro builds help?
Replying to @taviso @halvarflake and
There are a lot of people involved in the build process. And a much smaller number of people involved in the development of specific portions of code. If you can isolate your security concerns to those areas (still aspirational) you can reduce your trusted dev base.
Replying to @matthew_d_green @taviso and
Even more true if the software in question is FOSS with minor vendor patching. Knowing the source they showed you corresponds to what they shipped lets you limit audit to their patches.
Replying to @RichFelker @matthew_d_green and
Vendors lying about extent to which they modified FOSS in their products is a huge issue repro builds fully fixes, and is absolutely relevant to approach to evaluating safety.
Replying to @RichFelker @matthew_d_green and
If you don't trust the vendor to tell the truth, how can you trust them not to insert a bugdoor?
Replying to @taviso @matthew_d_green and
There's a big difference in trust to be non-malicious and trust to be competent and not hiding embarrassing things.
Replying to @RichFelker @taviso and
But if you have proof the patches are correct & scope is auditable you *don't have to trust*.
Replying to @RichFelker @matthew_d_green and
I have no idea what that means. You verify the build matches, so you don't have to trust me that my build server was safe... so what, you still have to trust there are no bugdoors. That's the whole discussion.
Replying to @taviso @matthew_d_green and
"Build server" is a distraction. Repro builds are a process to ensure recipient has a way to build from source. If source is minor diff on top of existing FOSS vendor has no access to backdoor, only diff needs audit.
This is a really odd point. We both agree there are huge benefits to open source, right? But you're saying the binaries also have to be reproducible, because maybe they're hiding some proprietary code in there? Um, can't you just verify there is no additional functionality?
Replying to @taviso @matthew_d_green and
I think we both know there's no such thing as "just verify there is no additional functionality" for a black box.
Replying to @RichFelker @taviso and
Without repro builds, in practice even when vendors release source there are often no scripts to rebuild it. This isn't malice, just a matter of it being hard to do right. Repro builds are a discipline to get it right. (GPL anticipated this problem back in the 80s, BTW.)