It also helps ensure that I can rebuild without having to trust someone else's build infra integrity. Reproducible builds + codesigning (incl. transparency) should limit backdooring to bugdoors or global compiler backdoors?
Replying to @halvarflake @rene_mobile and
Right, but because you have to trust the vendor anyway, they don't need to make the source/seeds public. For example, they could hire an auditor to verify and you can trust them that they're telling the truth, and you get the same benefit?
Replying to @taviso @rene_mobile and
I feel like I have missed a few hours of discussion. How does hiring an auditor equal not having to trust that their build infra is not compromised?
Replying to @halvarflake @taviso and
(perhaps I misunderstand the current state of the discussion?)
Replying to @halvarflake @rene_mobile and
You have to trust the vendor, so if they say "we hired a third party to reproduce our build, and they confirmed our build server produced identical output", then you get the same benefit without having to publish the source and build seeds, right?
Replying to @taviso @halvarflake and
If you think they might lie, then you can't trust them, and reproducible builds don't have any benefit (because of bugdoors).
Replying to @taviso @rene_mobile and
So your argument is "reproducible builds are useless because I have to trust the vendor not to bugdoor things"?
Replying to @halvarflake @taviso and
(my view is: As vendor, I like reproducible builds & providing source as it (a) increases the chance that a compromised build infra will be noticed if leveraged and (b) helps me tie source code revisions to binary builds more easily)
Replying to @halvarflake @rene_mobile and
No, the argument is about using reproducible builds to reduce the need to trust the vendor. I'm saying it doesn't do that at all, it can be a poor way to check if a *trusted* vendor has had their build infrastructure compromised... but that's about it
Replying to @taviso @halvarflake and
I think we all agree having source code is beneficial, and we all agree that providing build seeds and source to someone could let them check if your build infra was compromised (but says nothing about whether you're malicious or not).
I think the key point is: Reproducible builds do not prevent backdoors.
Replying to @taviso @halvarflake and
I had some discussions about reproducible builds for security of Linux distros in recent times. It helps to ask where the compiler is actually bootstrapped from + Ken Thompson..
… and on which microcode the processor that compiled it was running ¯\_(ツ)_/¯