It also helps ensure that I can rebuild without having to trust someone else's build infra integrity. Reproducible builds + codesigning (incl. transparency) should limit backdooring to bugdoors or global compiler backdoors?
Replying to @halvarflake @rene_mobile and
Right, but because you have to trust the vendor anyway, they don't need to make the source/seeds public. For example, they could hire an auditor to verify and you can trust them that they're telling the truth, and you get the same benefit?
Replying to @taviso @rene_mobile and
I feel like I have missed a few hours of discussion. How does hiring an auditor equal not having to trust that their build infra is not compromised?
Replying to @halvarflake @taviso and
(perhaps I misunderstand the current state of the discussion?)
Replying to @halvarflake @rene_mobile and
You have to trust the vendor, so if they say "we hired a third party to reproduce our build, and they confirmed our build server produced identical output", then you get the same benefit without having to publish the source and build seeds, right?
Replying to @taviso @halvarflake and
If you think they might lie, then you can't trust them, and reproducible builds don't have any benefit (because of bugdoors).
Replying to @taviso @rene_mobile and
So your argument is "reproducible builds are useless because I have to trust the vendor not to bugdoor things"?
Replying to @halvarflake @taviso and
(my view is: As a vendor, I like reproducible builds & providing source as it (a) increases the chance that a compromised build infra will be noticed if leveraged and (b) helps me tie source code revisions to binary builds more easily)
Replying to @halvarflake @rene_mobile and
No, the argument is about using reproducible builds to reduce the need to trust the vendor. I'm saying it doesn't do that at all, it can be a poor way to check if a *trusted* vendor has had their build infrastructure compromised... but that's about it
Replying to @taviso @rene_mobile and
What's a better way to check if a trusted vendor had their build infra compromised? It may be a poor way, but it's likely the best available?
Oh, I'm just talking specifically about publishing build seeds and hoping some member of the public cares enough to check.
It's totally reasonable to hire a third party, or to get two project members to verify the build reproduces.