No, the argument is about using reproducible builds to reduce the need to trust the vendor. I'm saying it doesn't do that at all, it can be a poor way to check if a *trusted* vendor has had their build infrastructure is compromised.. but that's about it 
-
-
Dunno, why do you insist in having showers and then breaking AV software? :p Bugdoors are very elegant under many aspects.
-
Just imagine a piece of code that just causes a vuln when compiled for some specific CPU revision...e.g. exploiting one of these floating point bugs Intel always has now and then....
- 1 more reply
New conversation -
-
-
I just imagine you reporting a bugdoor to somebody evil and having to stick to the 90 days disclosure deadline... sorry users, it would be irresponsible to publish this right now!

-
"because (large) companies are never ever under the influence of nations"
End of conversation
New conversation -
-
-
Less spy movie appeal i guess :)
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.