For example this is absolutely the case with X=Google. I trust Google security folks' analysis of third parties' software. I don't trust that binaries from Google don't contain buried functionality contrary to my interests and safety.
The only way to verify that untrusted binary B is from trusted source code A is that it matches trusted binary C. If C is trusted, why can't you just use that? What is not clear about that?
-
-
repeating myself for eternity: because the party you trust is not necessarily the one with the authority to push binaries to an app repository
-
Give. specific. examples. Your claim is this is a realistic threat model we need to defend against, right? Which system is this that everyone needs reproducible builds for, where they *can* verify binaries, *cant* push them and do have source code.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
