Instead of

'we know there are lots of different vulnerabilities with software so we should decide to fix none of them'

I feel we should aim for

'we know there are lots of different vulnerabilities with software, so we should try to fix all of them; failing that, we should at least try to fix some of them'

And that is why I personally like the idea of reproducible builds, because although it doesn't solve all the problems with software, such as the trusting trust compiler problem, it goes a long way to fixing some of them.

Also, if the compilers aren't broken with malware up until now, or to begin with, a reproducible workflow could also go a long way to making sure that the compiler and checking tools are never infected for a system and its user base for long into the future.
_______________________________________________
Dev mailing list
[email protected]
https://lists.parabola.nu/mailman/listinfo/dev