no, he can't give an app to the world and install it. That would a) potentially breach license b) totally overwhelm his serving capacity c) totally miss the point of not having end users use anything but the vendor app store.
-
-
Replying to @dEnergy_dTime @taviso and
you are the only one here proposing that people sideload software onto their phone, which for the very vast majority indeed would be a terrible idea. Both in usability and in security.
1 reply 0 retweets 1 like -
Replying to @dEnergy_dTime @RichFelker and
No, I don't think trusted vendors with compromised build infrastructure is a problem worth solving. You're proposing everyone use adb to sideload binaries, how else will you verify them first?
4 replies 0 retweets 1 like -
Replying to @taviso @dEnergy_dTime and
so i would disagree on this at least for me personally. i would def like to be able to rebuild debian packages deterministically from source & check that they are identical with public versions.
2 replies 1 retweet 11 likes -
Replying to @halvarflake @taviso and
(i missed 95% of the discussion and am just randomly tseeting personal preferences at this point)
1 reply 0 retweets 3 likes -
Replying to @halvarflake @dEnergy_dTime and
Yes but *why*? You're already building them and you already trust the developer, why does it matter? It seems like just being open source is enough.
3 replies 0 retweets 0 likes -
Replying to @taviso @dEnergy_dTime and
because in a scenario where the dev may have had his signing keys compromised, and someone has compromised the bin repo, i have a chance of knowing. it goes back to "I want to be able to establish that a given binary was built from a given source snapshot".
1 reply 1 retweet 11 likes -
Replying to @halvarflake @taviso and
key compromise in the absence of universal codesigning transparency has a silent failure mode. deterministic builds can help alleviate that.
1 reply 2 retweets 7 likes -
Replying to @halvarflake @taviso and
the reason i want this is also personal: If I was paid to pwn, gathering the worlds code signing keys would be a rather high item on my todo.
3 replies 1 retweet 10 likes -
Replying to @halvarflake @taviso and
and there's precedent to that! People *do* attack binary distribution channels – the 2003 debian attack, the Gentoo github takeover, potentially hundreds of taken over NPM repos with ASM.js-compiled code in them...
1 reply 0 retweets 2 likes
There are lots of cases of build infrastructure being compromised, but those are not relevant examples. The compromised code *would* be reproducible
I don't know if it's ever actually being exploited to inject malware, mostly attackers want to collect proprietary source code.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.