I deleted my last tweet, I think I misunderstood. I think you're saying there are code quality benefits to making your build reproducible, and you want developers to be better. OK, but you're mixing in security claims, I only really object to claims it prevents backdoors.
Yes, your proposal is that we need more infrastructure to maintain, more access to audit, and more attack surface for real attacks that actually happen to defend against attacks that don't seem to happen. Do you understand why I think it's not a strong argument?
for closed-source, i agree there's a tradeoff between ensuring build integrity and ensuring source secrecy. for the rest of the world, the only downside is that it is some work; i think it's worth it to eliminate SPOFs and am glad when @ReproBuilds et al receive funding to do it!
Huh, that's the first time I've seen a pro-repro person acknowledge literally any flaw in it. Let me ask you this, do you agree that you can eliminate the same SPOFs *today*? I understand the benefits of repro builds, do you understand the problems?
