The 21/02/14, Andrew Savchenko wrote:
> Any decent security setup contains multiple layers of protection.
> Use of non-standard binaries, algorithms or implementations is just
> one of them and it is the simplest math to prove that security is
> _improved_ this way.

The algorithms and implementations do not change with configuration options while they are almost always the cause of security issues in software. Of course, building the same software on different architectures or with custom configuration options will change the assembler code and the binary fingerprint might be totally different. But considering this a layer of protection remains nonsense and is a dangerous approach. The nature of Gentoo does not help in this area compared to other binary distributions. I don't pretend that non-standard binaries NEVER protect against some kinds of issues. I pretend they are ridiculously insignificant in the wild.

-- 
Nicolas Sebrecht