It also helps ensure that I can rebuild without having to trust someone else's build infra integrity. Reproducible builds + codesigning (incl. transparency) should limit backdooring to bugdoors or global compiler backdoors?
Replying to @halvarflake @rene_mobile and
Right, but because you have to trust the vendor anyway, they don't need to make the source/seeds public. For example, they could hire an auditor to verify and you can trust them that they're telling the truth, and you get the same benefit?
Replying to @taviso @rene_mobile and
I feel like I have missed a few hours of discussion. How does hiring an auditor equal not having to trust their build infra is not compromised?
Replying to @halvarflake @taviso and
(perhaps I misunderstand the current state of the discussion?)
Replying to @halvarflake @rene_mobile and
You have to trust the vendor, so if they say "we hired a third party to reproduce our build, and they confirmed our build server produced identical output", then you get the same benefit without having to publish the source and build seeds, right?
Replying to @taviso @halvarflake and
If you think they might lie, then you can't trust them, and reproducible builds don't have any benefit (because of bugdoors).
Replying to @taviso @halvarflake and
Reproducible builds are a supply-chain control, not a quality control. They don't fix the garbage in, garbage out problem. But verifying that the garbage I'm receiving is in fact exactly the garbage the vendor produced still has value.
Replying to @syncsrc @halvarflake and
If you read the tweet above, I explained why that isn't the case. If you have a counterargument, you have to make it.
Replying to @taviso @halvarflake and
Getting an attestation from a 3rd party is the opposite of trusting the vendor though. And how does a trusted 3rd party make that attestation if not via reproducible builds?
Replying to @syncsrc @halvarflake and
You *have* to trust the vendor, there's no way around that. The point is, if you trust them, then why would you think they're lying when they say an auditor verified their build infrastructure wasn't compromised?
The only explanation would be you don't trust them, so then why would reproducible builds help?