First, you need to explain why you want to use that specific binary so badly? Here is what I do if I don't trust a binary: I compile the source code, and use that binary. What is the attack against this system, which works today, that you're trying to solve?
Is the answer that they will need to pick "a" (singular) party?
-
that is another orthogonal problem, but say it came preinstalled on their computer. yes, they are trusting one party at the beginning; reproducible builds do not solve the need to trust your hardware. but with repro they can be protected from that party's subsequent compromise.
-
Yes, every problem inconvenient to your argument is "orthogonal". You need to pick a (singular) vendor you trust. We've already established that vendor can produce trusted builds from source code. Why do you need reproducible builds?