There's a big difference in trust to be nonmalicious and trust to be competent and not hiding embarrassing things.
Replying to @RichFelker @taviso and
But if you have proof the patches are correct & scope is auditable you *don't have to trust*.
1 reply 0 retweets 2 likes
Replying to @RichFelker @matthew_d_green and
I have no idea what that means. You verify the build matches, so you don't have to trust me that my build server was safe... so what, you still have to trust there are no bugdoors. That's the whole discussion.
1 reply 0 retweets 0 likes
Replying to @taviso @matthew_d_green and
"Build server" is a distraction. Repro builds are a process to ensure recipient has a way to build from source. If source is minor diff on top of existing FOSS vendor has no access to backdoor, only diff needs audit.
1 reply 0 retweets 2 likes
Replying to @RichFelker @matthew_d_green and
This is a really odd point. We both agree there are huge benefits to open source, right? But you're saying the binaries also have to be reproducible, because maybe they're hiding some proprietary code in there? Um, can't you just verify there is no additional functionality?
1 reply 0 retweets 2 likes
Replying to @taviso @matthew_d_green and
I think we both know there's no such thing as "just verify there is no additional functionality" for a black box.
1 reply 0 retweets 3 likes
Replying to @RichFelker @taviso and
Without repro builds, in practice even when vendors release source there are often no scripts to rebuild it. This isn't malice just a matter of it being hard to do right. Repro builds is a discipline to get it right. (GPL anticipated this problem back in the 80s, BTW.)
1 reply 0 retweets 9 likes
Replying to @RichFelker @taviso and
If a router vendor ships their source that's a modified OpenWRT, but doesn't do repro build processes, do you think it's likely that the source actually matches the firmware blob you download from their site? :-)
1 reply 0 retweets 3 likes
Replying to @RichFelker @matthew_d_green and
Right, but you're saying "they might be breaking the law, and if they provide a reproducible build, we can check if they're breaking the law and sue them....." so, if they are breaking the law, why would they do that?
1 reply 0 retweets 1 like
Replying to @taviso @matthew_d_green and
No. I'm saying that you can check that there's not new vendor-induced bug surface outside the patch set and limit the scope of what needs audit to the patch set.
1 reply 0 retweets 4 likes
I deleted my last tweet, I think I misunderstood. I think you're saying there are code quality benefits to making your build reproducible, and you want developers to be better. OK, but you're mixing in security claims, I only really object to claims it prevents backdoors.
Replying to @taviso @matthew_d_green and
Not just code quality but, when the product is derived from FOSS and you don't have reason to believe the vendor has ability to upstream bugdoors into the FOSS, significant benefits to the practicality of audit for bugdoors and unintentional added vulns.
2 replies 0 retweets 2 likes
Replying to @RichFelker @matthew_d_green and
Sure, and I want a pony. Nobody is going to buy me one though, so why discuss it?
6 replies 0 retweets 13 likes