First, you need to explain why you want to use that specific binary so badly? Here is what I do if I don't trust a binary: I compile the source code, and use that binary. What is the attack against this system, which works today, that you're trying to solve?
I think we've probably reached an impasse if you can't agree to this. The system where you run the trusted binary *can't* already be compromised, or the binary can be tampered with. That makes the fact that it was reproduced irrelevant. I guess we've found the point we disagree.
-
-
you need to trust the system you *run* the software on, but not any one you build it on. if i rely on N different systems with enough RAM to build firefox, and one more trusted one with only enough RAM to run it, i know that a repro build is good unless all N builders are bad.
-
You said "[i dont agree with] trust the system you're going to run the binary on", and now you're saying "you need to trust the system you *run* the software on". Can you see why I might find that frustrating?pic.twitter.com/ETgiLxe0Wx
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.