(i missed 95% of the discussion and am just randomly tweeting personal preferences at this point)
Replying to @halvarflake @dEnergy_dTime and
Yes but *why*? You're already building them and you already trust the developer, why does it matter? It seems like just being open source is enough.
3 replies 0 retweets 0 likes -
Replying to @taviso @dEnergy_dTime and
because in a scenario where the dev may have had his signing keys compromised, and someone has compromised the bin repo, i have a chance of knowing. it goes back to "I want to be able to establish that a given binary was built from a given source snapshot".
1 reply 1 retweet 11 likes -
Replying to @halvarflake @taviso and
key compromise in the absence of universal codesigning transparency has a silent failure mode. deterministic builds can help alleviate that.
1 reply 2 retweets 7 likes -
Replying to @halvarflake @taviso and
the reason i want this is also personal: If I was paid to pwn, gathering the world's code signing keys would be a rather high item on my todo.
3 replies 1 retweet 10 likes -
Replying to @halvarflake @dEnergy_dTime and
That doesn't make sense though, the only way you can know is because you also built it - at which point you don't need the signed binaries! The code signing is only useful if you want to know the binaries were produced by a vendor you already trust.
1 reply 0 retweets 2 likes -
Replying to @taviso @dEnergy_dTime and
explain to me again how having built the binaries surfaces the use of compromised keys for the binaries on the repo?
1 reply 0 retweets 2 likes -
Replying to @halvarflake @dEnergy_dTime and
It doesn't matter - you *have* trusted binaries, you were going to build them anyway. Codesigning is only relevant for people who don't have trusted binaries, but do have a vendor they trust, right?
1 reply 0 retweets 2 likes -
Replying to @taviso @dEnergy_dTime and
I am not sure you are engaging with my argument. To repeat: I like deterministic builds because they may surface use of compromised signing keys. I don't think you get to decide that I should not care because I can build my own (trusted) binaries.
1 reply 1 retweet 14 likes -
Replying to @halvarflake @dEnergy_dTime and
We agree that you can check if a build server is compromised or not with reproducible builds. I'm not saying you can't enjoy doing that if you like, but I am saying there's no security benefit over just open source.
4 replies 0 retweets 1 like
the difference is whether everyone has to rebuild all their software themselves vs a couple people can rebuild it and publish their own additional signatures for you, right? and if everyone rebuilds it, that's gonna waste a lot of time
… and a lack of doability of verification means a lack of verification, or reduced update cycles.
0 replies 0 retweets 0 likes