There might be non-security benefits of reproducible builds to *vendors*, but I don't see any benefit to users of being able to reproduce them. This is just because promising there's no backdoors makes no sense when bugdoors are just so perfect?
Replying to @taviso @rene_mobile and
Fwiw I see benefits in reproducible builds to answer the question "is the binary on my machine built from this source"?
3 replies 0 retweets 33 likes
Replying to @halvarflake @rene_mobile and
Yes, but that only makes sense if you trust the person who provided the source code (because if you don't trust them, there could be a bugdoor). So another way to verify that would be codesigning, or hosting the binary on an https server, right?
4 replies 0 retweets 3 likes
Replying to @taviso @rene_mobile and
It also helps ensure that I can rebuild without having to trust someone else's build infra integrity. Reproducible builds + codesigning (incl. transparency) should limit backdooring to bugdoors or global compiler backdoors?
1 reply 0 retweets 5 likes
Replying to @halvarflake @rene_mobile and
Right, but because you have to trust the vendor anyway, they don't need to make the source/seeds public. For example, they could hire an auditor to verify and you can trust them that they're telling the truth, and you get the same benefit?
1 reply 0 retweets 0 likes
Replying to @taviso @rene_mobile and
I feel like I have missed a few hours of discussion. How does hiring an auditor equal not having to trust their build infra is not compromised?
1 reply 0 retweets 0 likes
Replying to @halvarflake @taviso and
(perhaps I misunderstand the current state of the discussion?)
1 reply 0 retweets 0 likes
Replying to @halvarflake @rene_mobile and
You have to trust the vendor, so if they say "we hired a third party to reproduce our build, and they confirmed our build server produced identical output", then you get the same benefit without having to publish the source and build seeds, right?
2 replies 0 retweets 2 likes
Replying to @taviso @halvarflake and
If you think they might lie, then you can't trust them, and reproducible builds don't have any benefit (because of bugdoors).
3 replies 0 retweets 0 likes
Replying to @taviso @halvarflake and
I think I now know the difference in our mental threat model. Do you assume vendors to be fully capable of securing their build infrastructure if they also write trustworthy code? I.e. either they lie about their code (and are capable of writing good bugdoors), or they are honest.
2 replies 1 retweet 0 likes
No, of course not. I don't think Debian, Adobe, Microsoft, etc. are untrustworthy, but they have had compromised build infrastructure.