Obviously, without periodic, labor-intensive and expensive audits to ensure that the source hasn’t been compromised, it’s not perfect, but it at least provides for third-party attestation that the official build matches the source that’s publicly available. There’s value there.
Yes, it's arbitrarily specific? Everything else has to remain trusted. It's also never happened, have there ever been any cases of tainted binaries from compromised build infra? Lots of tainted src repos, src tarballs, signing infra, distribution, etc, though.
-
-
There have been, search for XcodeGhost on https://dwheeler.com/trusting-trust/
-
Also the thesis describes how diversity and independent compilation on isolated systems can be used to increase trust and avoid a single point of failure.
- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.