Getting an attestation from a 3rd party is the opposite of trusting the vendor though. And how does a trusted 3rd party make that attestation if not via reproducible builds?
Replying to @syncsrc @halvarflake and
You *have* to trust the vendor, there's no way around that. The point is, if you trust them, then why would you think they're lying when they say an auditor verified their build infrastructure wasn't compromised?
Replying to @taviso @halvarflake and
Vendors are not uniform spheres. I can assign different levels of trust to different things they do. Reproducible builds solve real problems I (and others) have observed with vendor development practices. There's a pretty good explanation here: https://github.com/opencomputeproject/Security/blob/master/SecureFirmwareDevelopmentBestPractices.md …
Replying to @syncsrc @halvarflake and
For example, you might trust a vendor to not provide you malicious software, but not trust they're not maliciously lying about how they produced that software? Can you see why I think that's a weak argument?
Replying to @taviso @halvarflake and
Replying to @syncsrc @halvarflake and
I think you're saying they might not be *lying*, they genuinely thought they had hired someone to check the integrity of their build server? I agree that is in the realm of things that could theoretically happen, but you agree it's a weak justification?
Replying to @taviso @halvarflake and
(Obviously?) I don't. If there's something in the whitepaper that isn't clear please file an issue.
Replying to @syncsrc @halvarflake and
It's clear to me, and I'm telling you it's a weak argument. If there's something that isn't clear in this thread, please file a reply
I think your threat model is confused, your decision about what you can trust and what you can't is arbitrary.
Like, you have to trust a vendor that the source code was created by their engineers in good faith. You accept that, but then say you can't trust them to tell you if they've verified their build server is compromised or not. That's just arbitrary?
Replying to @taviso @halvarflake and
We clearly have different experiences with vendor build practices.
Are you saying I think vendors have good quality builds? I don't think that, and don't see what difference it would make if I did.