It also helps ensure that I can rebuild without having to trust someone else's build infra integrity. Reproducible builds + codesigning (incl. transparency) should limit backdooring to bugdoors or global compiler backdoors?
What does it matter if they're good at writing bugdoors or not? There is zero penalty for getting caught, and you get unlimited attempts. That is why the backdoor fixation is so confusing, bugdoors are obviously perfect.
I can prove it's not the case that it's harder to write a bugdoor than a backdoor: people do it accidentally without even trying all the time.
Still, I only object to saying it helps prevent backdoors, maybe it improves build quality, but I'm not really sure about that.
We might have to agree to disagree here. Writing a targeted backdoor for a specific user group and/or shipping a tampered binary to that specific group seems significantly easier to me than writing an innocent-looking bug in the global, published code base. Of course there are