Specifics. Matthew can totally give you an app to install, so that doesn't work, you need to add more restrictions.
Replying to @taviso @RichFelker and
no, he can't give an app to the world and install it. That would a) potentially breach license b) totally overwhelm his serving capacity c) totally miss the point of not having end users use anything but the vendor app store.
1 reply 0 retweets 1 like -
Replying to @dEnergy_dTime @taviso and
you are the only one here proposing that people sideload software onto their phone, which for the very vast majority indeed would be a terrible idea. Both in usability and in security.
1 reply 0 retweets 1 like -
Replying to @dEnergy_dTime @RichFelker and
No, I don't think trusted vendors with compromised build infrastructure is a problem worth solving. You're proposing everyone use adb to sideload binaries, how else will you verify them first?
4 replies 0 retweets 1 like -
Replying to @taviso @dEnergy_dTime and
so i would disagree on this at least for me personally. i would def like to be able to rebuild debian packages deterministically from source & check that they are identical with public versions.
2 replies 1 retweet 11 likes -
Replying to @halvarflake @taviso and
(i missed 95% of the discussion and am just randomly tweeting personal preferences at this point)
1 reply 0 retweets 3 likes -
Replying to @halvarflake @dEnergy_dTime and
Yes but *why*? You're already building them and you already trust the developer, why does it matter? It seems like just being open source is enough.
3 replies 0 retweets 0 likes -
Replying to @taviso @dEnergy_dTime and
because in a scenario where the dev may have had his signing keys compromised, and someone has compromised the bin repo, i have a chance of knowing. it goes back to "I want to be able to establish that a given binary was built from a given source snapshot".
1 reply 1 retweet 11 likes -
Replying to @halvarflake @taviso and
key compromise in the absence of universal codesigning transparency has a silent failure mode. deterministic builds can help alleviate that.
1 reply 2 retweets 7 likes -
Replying to @halvarflake @taviso and
the reason i want this is also personal: If I was paid to pwn, gathering the world's code signing keys would be a rather high item on my todo.
3 replies 1 retweet 10 likes
That doesn't make sense though, the only way you can know is because you also built it - at which point you don't need the signed binaries! The code signing is only useful if you want to know the binaries were produced by a vendor you already trust.
Replying to @taviso @dEnergy_dTime and
explain to me again how having built the binaries surfaces the use of compromised keys for the binaries on the repo?
1 reply 0 retweets 2 likes -
Replying to @halvarflake @dEnergy_dTime and
It doesn't matter - you *have* trusted binaries, you were going to build them anyway. Codesigning is only relevant for people who don't have trusted binaries, but do have a vendor they trust, right?
1 reply 0 retweets 2 likes - 11 more replies