On Sat, Dec 26, 2015 at 10:25 AM, Michael Raskin <[email protected]> wrote:
> >If web-of-trust is the best solution, and the only blocker is build > >reproducability, how about trying to classify build differences? > > > >Each of the differences will have a reason, and either we can fix the > build > >to be deterministic (e.g. timestamps, build paths), or we can classify a > >class of changes as equivalent (e.g. optimalizations resulting in > >equivalent code, prelinking). > > Do we want to do something about Profile Guided Optimisation, for > example? I think GCC builds itself with PGO after bootstrapping, and > I don't know what other packages use some amount of unreproducible PGO. > > PGO is in theory reproducible, it just has another input which is the profile data. The question is whether it is possible to attack an otherwise trusted build using fake profile input. If the profile input is not a usable attack vector, then all that is needed is consensus on which input to use for a PGO compilation. This is easier than the trust issue. Alexander
_______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
