So are you advocating for all software companies to hack their build infra...?
Replying to @coolhandle01 @taviso and
Looks like I'm having some trouble understanding today. I think supply chain attacks are the most effective (i.e. hack the world) and reproducible builds + m of N signatures are a good defense tool.
3 replies 0 retweets 3 likes
Replying to @julianor @coolhandle01 and
I don't see how a supply chain attack is relevant. I think reproducible builds prove your build server isn't compromised and nothing else; it doesn't reduce the need to trust the vendor. As you already trust the vendor, what's wrong with code signing or similar?
3 replies 0 retweets 0 likes
Is there value in being able to state "this binary is derived from that source code"? I think yes, independently of whether I am the vendor or user. But I won't argue that repro builds solve backdoors.
1 reply 1 retweet 5 likes
Replying to @halvarflake @taviso and
Fwiw it's a bit sad that repro builds even need discussing; imo deterministic repro builds should be about as exotic as a working "ls".
2 replies 0 retweets 11 likes
Replying to @halvarflake @taviso and
They don't do anything except establish a clear checkable source-to-binary link; but that seems like such a fundamental thing?
1 reply 0 retweets 6 likes
Replying to @halvarflake @julianor and
Hmm, but why? You have the source code and a binary that someone you trust says is the output from compiling that code. You trust them, but think their build infra might be compromised... So why not just build the binary and use that one? Doesn't that make the issue irrelevant?
2 replies 0 retweets 1 like
Replying to @taviso @halvarflake and
Because the original binary is typically signed by the vendor, and you may not be able to run it on the same platform without that signature. With a repro build, you can use the original binary and have (a degree of) certainty it matches the source. Even better are multi-sigs.
1 reply 0 retweets 2 likes
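The "source-to-binary link" and the "m of N" threshold from the two replies above, as an added example that is not code from any participant in this thread. The compiler is a toy stand-in (a hash of the source and a toolchain label), the two source files and the toolchain name are constructed, and the rebuilders' signatures are not modelled: each rebuilder simply reports the artifact it produced. The scenarios cover the four cases the thread argues about: an honest vendor, a compromised build server, a backdoor that is already in the source, and a toolchain that embeds a timestamp.

```python
"""Toy model of what a reproducible build does and does not prove.

Added example, not from any participant in the thread. toy_build() is a
stand-in for a compiler; CLEAN_SOURCE, BACKDOORED_SOURCE and TOOLCHAIN are
constructed inputs; rebuilder signatures are not modelled.
"""
import hashlib
from typing import List, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def toy_build(source: bytes, toolchain: str, build_time: Optional[str] = None,
              injected: bytes = b"") -> bytes:
    """Stand-in for a compiler.

    Deterministic in (source, toolchain) when build_time is None.
    build_time simulates a compiler embedding __DATE__/__TIME__, which
    breaks reproducibility. injected simulates a compromised build server
    appending code that is not in the source.
    """
    body = hashlib.sha256(toolchain.encode() + b"\0" + source).digest()
    if build_time is not None:
        body += build_time.encode()
    return body + injected


def m_of_n_reproduced(vendor_artifact: bytes, rebuilt: List[bytes], m: int) -> bool:
    """Accept the vendor's binary only if at least m of the independent
    rebuilds are byte-identical to it (compared by SHA-256 digest)."""
    want = sha256_hex(vendor_artifact)
    agree = sum(1 for art in rebuilt if sha256_hex(art) == want)
    return agree >= m


# Constructed sample inputs.
CLEAN_SOURCE = b"int main(void) { return 0; }\n"
BACKDOORED_SOURCE = b'int main(void) { return system("/bin/sh"); }\n'
TOOLCHAIN = "gcc-12.2-debian"  # hypothetical toolchain label
M, N = 2, 3


def scenario_honest_vendor() -> bool:
    # Vendor's build server and N rebuilders all compile the same source.
    vendor = toy_build(CLEAN_SOURCE, TOOLCHAIN)
    rebuilds = [toy_build(CLEAN_SOURCE, TOOLCHAIN) for _ in range(N)]
    return m_of_n_reproduced(vendor, rebuilds, M)  # True


def scenario_compromised_build_server() -> bool:
    # The vendor's build server injects bytes that are not in the source.
    vendor = toy_build(CLEAN_SOURCE, TOOLCHAIN, injected=b"\xcc\xcc")
    rebuilds = [toy_build(CLEAN_SOURCE, TOOLCHAIN) for _ in range(N)]
    return m_of_n_reproduced(vendor, rebuilds, M)  # False: detected


def scenario_backdoored_source() -> bool:
    # The backdoor is in the source; every rebuild faithfully reproduces it.
    vendor = toy_build(BACKDOORED_SOURCE, TOOLCHAIN)
    rebuilds = [toy_build(BACKDOORED_SOURCE, TOOLCHAIN) for _ in range(N)]
    return m_of_n_reproduced(vendor, rebuilds, M)  # True: repro builds say nothing here


def scenario_nondeterministic_toolchain() -> bool:
    # Each build embeds its own timestamp, so no two artifacts match.
    vendor = toy_build(CLEAN_SOURCE, TOOLCHAIN, build_time="2017-10-01T12:00:00Z")
    rebuilds = [toy_build(CLEAN_SOURCE, TOOLCHAIN, build_time=f"2017-10-02T0{i}:00:00Z")
                for i in range(N)]
    return m_of_n_reproduced(vendor, rebuilds, M)  # False: compromise and noise look alike


def scenario_one_disagreeing_rebuilder() -> bool:
    # One rebuilder used a different toolchain; the threshold tolerates it.
    vendor = toy_build(CLEAN_SOURCE, TOOLCHAIN)
    rebuilds = [toy_build(CLEAN_SOURCE, TOOLCHAIN),
                toy_build(CLEAN_SOURCE, TOOLCHAIN),
                toy_build(CLEAN_SOURCE, "clang-15")]
    return m_of_n_reproduced(vendor, rebuilds, M)  # True


if __name__ == "__main__":
    for fn in (scenario_honest_vendor, scenario_compromised_build_server,
               scenario_backdoored_source, scenario_nondeterministic_toolchain,
               scenario_one_disagreeing_rebuilder):
        print(f"{fn.__name__}: {fn()}")
```

The backdoored-source case is the one the thread keeps returning to: the check passes because the link being verified is source-to-binary, not source-to-intent. The nondeterministic case shows why "as exotic as a working ls" is the right bar: until the toolchain is deterministic, a mismatch cannot be attributed to a compromised build server.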
Replying to @rene_mobile @halvarflake and
The threat model is: You have a platform where you can't install any software unless it's signed by the vendor, but it's open source, and you think that vendor's build server is compromised? Which platform are we talking about, this seems like a fantasy threat model, no?
2 replies 0 retweets 0 likes
Replying to @taviso @halvarflake and
https://wiki.debian.org/SecureBoot#Supported_architectures_and_packages
https://wiki.debian.org/SecureBoot/Discussion
https://wiki.debian.org/ReproducibleBuilds
2 replies 0 retweets 0 likes
I know how secure boot works, Rene.