1/some, until I say done. So, you wonder "hey, this Signal app seems to be secure. Can I really trust it with my company's secrets, though? I know I trust Google to run their App Store (otherwise, my Android phone can't be trusted at all), but how do I know that the software
actually lives up to the standards it proclaims it has?" So, you turn to someone from the field you trust: Matthew. You read through his website, and he describes his audit of the Signal source code (and build system). That's nice, you say, so Matthew knows that the code he
read is fine. But that says little about the binary you'll download, you say, because who guarantees that Signal (the company) gave Matthew the code that leads to the binary that they uploaded to Google's app store? Now, you read on, and Matthew says: here, I've built the APK
from source. That's a relief to you, because it means you don't have to do so, which would be hard, because your machines are busy fuzzing Windows APIs or whatever you're up to these days! Now the thing is, while you are technically capable, you have absolutely no interest in
your mom and your boss downloading an APK from a website, and guiding them through allowing software installation from Firefox on Android. Not only because that's tedious, but also because that's counter-productive in security terms. So, instead you read further: You read that,
because Signal took care that their build system always produced exactly the same binary, Matthew was able to check that the version uploaded to Play Store is exactly the same as the version he built from the source code he audited. Now you're convinced: you will tell your boss,
even your mom that as long as they install the version 1.2.3 of Signal from Google, they get something that is at the very least source code-level audited. In fact, you never even had to have source code for that - Matthew could have, instead of Signal, just as well audited
the Microsoft Word app, or Pokemon Go. As long as you trust Matthew that HE has read the source code and he was able to verify the binary he's built matches the one on Play Store, you're fine. Done!
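
An added illustration, not part of the thread: the comparison step described above, where the store APK and the locally built APK must match in everything except the signing output. It assumes v1 (JAR) signing files under META-INF are the only expected difference; the sample APKs and all names are constructed for the example.

```python
import hashlib
import io
import zipfile

# Assumption: these META-INF files are produced by signing, not by the build.
SIGNING_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")

def is_signing_entry(name):
    upper = name.upper()
    return upper.startswith("META-INF/") and (
        upper.endswith(SIGNING_SUFFIXES) or upper == "META-INF/MANIFEST.MF")

def entry_digests(apk_bytes):
    """Map each non-signing entry name to the SHA-256 of its content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if is_signing_entry(info.filename):
                continue
            if info.filename in digests:
                # Duplicate names let two tools read different content.
                raise ValueError("duplicate entry: " + info.filename)
            digests[info.filename] = hashlib.sha256(apk.read(info)).hexdigest()
    return digests

def compare_apks(store_apk, local_apk):
    """Return sorted names of entries that are missing, extra or different."""
    store, local = entry_digests(store_apk), entry_digests(local_apk)
    return sorted(n for n in store.keys() | local.keys()
                  if store.get(n) != local.get(n))

def make_apk(files):
    """Build a constructed sample APK (a zip) in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        for name, data in files.items():
            apk.writestr(zipfile.ZipInfo(name, (1980, 1, 1, 0, 0, 0)), data)
    return buf.getvalue()

# Constructed samples: same build output, different signing output.
BUILD = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex-audited"}
LOCAL_APK = make_apk(BUILD)
STORE_APK = make_apk({**BUILD, "META-INF/CERT.SF": b"store-sf",
                      "META-INF/CERT.RSA": b"store-signature"})
TAMPERED_APK = make_apk({**BUILD, "classes.dex": b"dex-other",
                         "META-INF/CERT.RSA": b"store-signature"})

if __name__ == "__main__":
    print("store vs local:   ", compare_apks(STORE_APK, LOCAL_APK))
    print("tampered vs local:", compare_apks(TAMPERED_APK, LOCAL_APK))
```

An empty list means the store binary carries exactly the audited build's content; any listed name is an entry the audit does not cover.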
Replying to @dEnergy_dTime @RichFelker and
Here is how to do it without reproducible builds: Matthew builds the binary he's audited, uploads it to the Play Store, then you download it. Works today, doesn't require any reproducible builds, doesn't require disabling updates. Done!
Replying to @taviso @dEnergy_dTime and
Then Matthew has to take responsibility of being a distributor, and possibly being blamed as the one responsible for a bugdoor if it's present in his build. Matthew almost certainly does not want either of these things. See also: https://twitter.com/RichFelker/status/1264999387517923328 …
In your opinion, if OpenSSL is bugdoored, will Debian be blamed? I've audited OpenSSL and found some bugs, will I be blamed if I missed some?
Replying to @taviso @dEnergy_dTime and
It was and they were.
CVE-2008-0166
Replying to @RichFelker @taviso and
Jokes aside, maybe. Probably not if there's a good audit trail of the source and how it happened. But what if Matthew had a compromised box he built from? Does he want to risk making binary releases vulnerable people are expected to trust?