________________________________
> From: Mike Perry <mikepe...@torproject.org>
> To: liberationtech <liberationtech@lists.stanford.edu>
> Sent: Tuesday, June 18, 2013 11:54 PM
> Subject: [liberationtech] Deterministic builds and software trust [was: Help
> test Tor Browser!]
 

[...]

> This is where deterministic builds come in: any individual can use our
> anonymity network to download our source code, verify it against public
> signed, audited, and mirrored git repositories, and reproduce our builds
> exactly, without being subject to such targeted attacks. If they notice
> any differences, they can alert the public builders/signers, hopefully
> using a pseudonym or our anonymous trac account.

Interesting.  Questions:

1) I'd imagine in your case that a large portion of users aren't going to
want to compile the software, and it seems at least like they could still
be good citizens by verifying the binaries they download against what a
random sampling of mirrors say they should look like.  Is there a tool out
there they can use to do this?

2) Do you use Tor's git version id (the hash) for the release as the random
seed string?  Seems like that would be a good precedent to set in case
other projects start using this method, too.

-Jonathan

> This also will eventually allow us to create a number of auxiliary
> authentication mechanisms for our packages, beyond just trusting the
> offline build machine and the gpg key integrity.
>
> I believe it is important for Tor to set an example on this point, and I
> hope that the Linux distributions will follow in making deterministic
> packaging the norm. (Don't despair: it probably won't take 6 weeks per
> package. Firefox is just a bitch).
>
> Otherwise, I really don't think we'll have working computers left in
> 5-10 years from now :/.
>
> I hope to write a longer blog post about this topic on the Tor Blog in
> the next couple weeks, discussing the dangers of exploit weaponization
> and the threats it poses to software engineering and software
> distribution. I'm still mulling over the exact focus and if I should
> split the two ideas apart, or combine them into one post...
>
> Ideas and comments welcome!
>
> --
> Mike Perry
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

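The mirror cross-check Jonathan asks about in question 1, as an added example
that is not part of the thread and not a Tor Project tool. It hashes the local
download, parses sha256sum-style hash lists published by several mirrors, and
reports whether a quorum of mirrors agrees with the local file, whether the
mirrors agree with each other but not with the download (a bad download), or
whether too few mirrors answered to decide. The mirror names, the file name and
the package bytes are constructed inline so the script runs offline; a real
deployment would fetch each mirror's hash list (over Tor, per the quoted text)
in place of the MIRRORS dictionary. This complements, and does not replace, the
gpg signature check the quoted text mentions.

```python
"""Cross-check a downloaded package against hash lists from several mirrors.

Added example for the thread above; not a Tor Project tool.  Mirror names,
file name and package bytes below are constructed stand-ins.
"""
import hashlib
from collections import Counter


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the bytes of a downloaded file."""
    return hashlib.sha256(data).hexdigest()


def parse_sha256sums(text: str) -> dict:
    """Parse sha256sum(1) output: '<hex>  <name>' or '<hex> *<name>' per line.

    Blank lines and '#' comments are ignored; malformed lines are skipped
    rather than trusted.
    """
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            continue
        sums[name] = digest
    return sums


def cross_check(local_digest: str, filename: str, mirrors: dict, quorum: int):
    """Compare the local digest with what each mirror publishes for filename.

    Returns (verdict, agree, disagree, missing):
      'ok'           - at least `quorum` mirrors publish the local digest
      'mismatch'     - at least `quorum` mirrors agree on a *different* digest,
                       i.e. the local download is the odd one out
      'inconclusive' - no digest reaches quorum (unreachable or split mirrors)
    Mirrors that disagree with the local file are listed in every case so an
    outlier mirror can be reported even when the verdict is 'ok'.
    """
    agree, disagree, missing, published = [], [], [], {}
    for name, text in mirrors.items():
        sums = parse_sha256sums(text)
        if filename not in sums:
            missing.append(name)
            continue
        published[name] = sums[filename]
        (agree if sums[filename] == local_digest else disagree).append(name)
    if len(agree) >= quorum:
        return "ok", agree, disagree, missing
    tally = Counter(published.values())
    if tally and tally.most_common(1)[0][1] >= quorum:
        return "mismatch", agree, disagree, missing
    return "inconclusive", agree, disagree, missing


# Constructed sample data (not real Tor Browser hashes or mirrors).
FILENAME = "tor-browser-linux64.tar.xz"
LOCAL_BYTES = b"constructed stand-in for the downloaded package bytes"
GOOD = sha256_hex(LOCAL_BYTES)
BAD = sha256_hex(b"constructed stand-in for a tampered package")
MIRRORS = {
    "mirror-a": f"{GOOD}  {FILENAME}\n",
    "mirror-b": f"# hash list\n{GOOD} *{FILENAME}\n",   # binary-mode marker
    "mirror-c": f"{BAD}  {FILENAME}\n",                  # outlier mirror
    "mirror-d": f"{GOOD}  some-other-file.tar.xz\n",     # does not list our file
}


def check_download(data=LOCAL_BYTES, filename=FILENAME, mirrors=MIRRORS, quorum=2):
    """Hash the download and cross-check it against the mirrors."""
    return cross_check(sha256_hex(data), filename, mirrors, quorum)


if __name__ == "__main__":
    verdict, agree, disagree, missing = check_download()
    print(f"{FILENAME}: {verdict}")
    print(f"  agree:    {agree}")
    print(f"  disagree: {disagree}  (report these mirrors if non-empty)")
    print(f"  missing:  {missing}")
```

The quorum is deliberately a parameter: with two of three listing mirrors
agreeing, the sample run reports 'ok' while still naming mirror-c as an
outlier worth reporting; a download that no mirror recognises comes back as
'mismatch' once enough mirrors agree with each other, and a single reachable
mirror can only yield 'inconclusive'.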