also, for organizations who do have sufficient resources (i.e. companies like your employer) it gives them the opportunity to make it much more difficult for a bad actor to compromise their own builds (even for internal and/or proprietary builds, potentially)
-
-
Replying to @wiretapped @RichFelker and
Yes, your proposal is that we need more more infrastructure to maintain, more access to audit, and more attack surface for real attacks that actually happen to defend against attacks that don't seem to happen. Do you understand why I think it's not a strong argument?
1 reply 0 retweets 0 likes -
Replying to @taviso @RichFelker and
for closed-source, i agree there's a tradeoff between ensuring build integrity and ensuring source secrecy. for the rest of the world, the only downside is that it is some work; i think it's worth it to eliminate SPOFs and am glad when
@ReproBuilds et al receive funding to do it!1 reply 0 retweets 0 likes -
Replying to @wiretapped @RichFelker and
Huh, that's the first time I've seen a pro-repro person acknowledge literally any flaw in it. Let me ask you this, do you agree that you can eliminate the same SPOFs *today*? I understand the benefits of repro builds, do you understand the problems?
2 replies 0 retweets 0 likes -
Replying to @taviso @RichFelker and
no, i don't understand how you can eliminate the builders-as-SPOFs without repro builds, and no, i don't see any downsides of repro builds for free software besides the engineering work required to get there.
1 reply 0 retweets 0 likes -
Replying to @wiretapped @RichFelker and
OK, let me explain it for you. Remember, we're not discussing which solution is better (I'll get to that), just that it's possible. You already *have* to trust the source, and the system you're going to run the binary on, correct? Do you agree so far?
1 reply 0 retweets 0 likes -
Replying to @taviso @RichFelker and
trusting the source is a big but orthogonal problem. "trust the system you're going to run the binary on" i don't agree with, though; say i want to run the software in many places and i assume and accept that some of them are inevitably compromised.
1 reply 0 retweets 0 likes -
Replying to @wiretapped @RichFelker and
It's relevant that you dont have a solution to the problem of malicious source code, you *have* to trust it. The system you run the binary on cant be compromised and the source code must be trusted, or repro builds are pointless, agreed? You're already owned if those arent true.
1 reply 0 retweets 0 likes -
Replying to @taviso @wiretapped and
I think we've probably reached an impasse if you can't agree to this. The system where you run the trusted binary *can't* already be compromised, or the binary can be tampered with. That makes the fact that it was reproduced irrelevant. I guess we've found the point we disagree.
1 reply 0 retweets 0 likes -
Replying to @taviso @RichFelker and
you need to trust the system you *run* the software on, but not any one you build it on. if i rely on N different systems with enough RAM to build firefox, and one more trusted one with only enough RAM to run it, i know that a repro build is good unless all N builders are bad.
2 replies 0 retweets 0 likes
You said "[i dont agree with] trust the system you're going to run the binary on", and now you're saying "you need to trust the system you *run* the software on". Can you see why I might find that frustrating?pic.twitter.com/ETgiLxe0Wx
-
-
Replying to @taviso @wiretapped and
I don't believe you're discussing this in bad faith, but how can you disagree and then agree with the *exact* same statement?
1 reply 0 retweets 1 like -
Replying to @taviso @RichFelker and
yes, i certainly can see why you might find that frustrating :) sorry, that was confusing, and doesn't really apply to the more common scenarios that are being discussed. (one example where it does make sense is if "the software" is actually the (repro) build infrastructure...)
1 reply 0 retweets 0 likes - 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.