I reproduce the build once. Checksum passes. I deploy the binary (that I now trust) 1000 times using existing distribution channels. Easy is more expensive than free.
Yes, agreed. So at the moment, you reproduce the build once, verify the checksum, then deploy the official binary. I'm saying, build it once, then deploy *your* binary. Where is the flaw in that system? You must already be able to run a command on every system, right?
I don't have a delivery mechanism for *MY* binary. I don't want to build it - it already exists.
Can you run a command on every system?
It's my infrastructure - in theory I can build anything to do anything. I don't want to.
If I understand correctly, you are seriously concerned your vendor's build server is compromised. You're concerned enough that you're willing to rebuild every package manually, but you draw the line at copying files around? Do you at least agree it's not a *strong* argument?
Leif Ryge @wiretapped:
What you seem to be missing is the fact that users don't need to rebuild anything themselves in order to benefit from reproducible builds: https://twitter.com/wiretapped/status/1265026855121420289 …
Leif Ryge added, quoting his own earlier tweet (replying to @taviso @dEnergy_dTime and 9 others):
Everyone will benefit from reproducible builds when software update mechanisms begin to require signatures from at least m of n of the expected builders. Then the build infrastructure will no longer contain SPOFs which can independently modify software. Bugdoors are orthogonal.
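The m-of-n builder-signature policy described in the quoted tweet, as an added example in Go that is not part of the thread. It assumes each expected builder publishes an Ed25519 detached signature over the SHA-256 digest of the rebuilt artifact; the builder names, keys and release bytes are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// BuilderSig is one builder's detached signature over the artifact digest.
type BuilderSig struct {
	Builder string
	Sig     []byte
}

// digest is what every builder signs: the SHA-256 of bytes that a reproducible
// build lets independent builders arrive at identically.
func digest(artifact []byte) []byte { d := sha256.Sum256(artifact); return d[:] }

// SignArtifact is what an independent builder does after its own rebuild.
func SignArtifact(name string, priv ed25519.PrivateKey, artifact []byte) BuilderSig {
	return BuilderSig{Builder: name, Sig: ed25519.Sign(priv, digest(artifact))}
}

// VerifyThreshold counts distinct expected builders with a valid signature over
// artifact and reports whether that count reaches m. Unknown builders, repeats
// and bad signatures never count, so one compromised builder cannot push a
// modified binary through alone.
func VerifyThreshold(artifact []byte, expected map[string]ed25519.PublicKey, sigs []BuilderSig, m int) (int, bool) {
	d, seen := digest(artifact), map[string]bool{}
	for _, s := range sigs {
		pk, ok := expected[s.Builder]
		if ok && !seen[s.Builder] && ed25519.Verify(pk, d, s.Sig) {
			seen[s.Builder] = true
		}
	}
	return len(seen), len(seen) >= m
}

func main() {
	// Constructed sample: three expected builders under a 2-of-3 policy.
	expected, privs := map[string]ed25519.PublicKey{}, map[string]ed25519.PrivateKey{}
	for _, n := range []string{"builder-a", "builder-b", "builder-c"} {
		expected[n], privs[n], _ = ed25519.GenerateKey(rand.Reader)
	}
	artifact := []byte("constructed release bytes")
	sigs := []BuilderSig{SignArtifact("builder-a", privs["builder-a"], artifact),
		SignArtifact("builder-b", privs["builder-b"], artifact)}
	fmt.Println(VerifyThreshold(artifact, expected, sigs, 2))              // 2 true
	fmt.Println(VerifyThreshold(append(artifact, '!'), expected, sigs, 2)) // 0 false
}
```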
Replying to @wiretapped @tgenov and
What you seem to be missing is that you can get all the same security benefits *today* without having to spend millions developing new build systems. Do you agree we're just not seeing attackers produce tainted binaries from trusted but compromised build servers?
How, by having each endpoint build the code itself? Aside from being impractical, that also doesn't provide the same assurance that they're all running good binaries. Re: your q, absence of evidence isn't evidence of absence, and no, I do not agree. E.g. https://theintercept.com/2015/03/10/ispy-cia-campaign-steal-apples-secrets/ … pic.twitter.com/qDVLl7B1MI
Replying to @wiretapped @tgenov and
Each endpoint could build, or you can get someone you already have to trust to build it for you, which is how it works today. That seems to be working pretty well, as you have to really stretch to provide any examples of it not working, correct?
I can provide lots of examples of backdoored source code, maliciously altered by attackers. Reproducible builds would all produce tainted binaries, and wouldn't prevent that, correct? E.g. https://lwn.net/Articles/57135/ https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor … etc.