On Wed, Jan 18, 2017 at 01:15:01PM -0600, Anthony Papillion wrote:
> What are your thoughts? Am I crazy? Is this a 'well, we KNOW THAT
> already' moment that I am just catching up on?
i think you discovered the use-case for reproducible builds.
On 1/19/2017 8:59 AM, John Newman wrote:
lol i know, it becomes increasingly apparent how impossible a full audit of all
the hardware and software that led to the software that is running your
computer would be, even with a totally open source OS ;)
Well, of course, there is FORTH, the world
> On Jan 18, 2017, at 4:17 PM, Steve Kinney wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>> On 01/18/2017 02:30 PM, John Newman wrote:
>> Use FreeBSD, build from source ;)
>
> Security regression paradox: What's to prevent whoever might have
> replaced the binary in the repo -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/18/2017 02:30 PM, John Newman wrote:
> Use FreeBSD, build from source ;)
Security regression paradox: What's to prevent whoever might have
replaced the binary in the repo - or replaced it in transit to you -
from also rigging the source? So yo
Use FreeBSD, build from source ;)
--
John
> On Jan 18, 2017, at 2:15 PM, Anthony Papillion
> wrote:
>
> A few days ago, I was thinking about ways to compromise even the most
> secure systems and I came across a fairly obvious way: through operating
> system updates. I admit that I am not up to
A few days ago, I was thinking about ways to compromise even the most
secure systems and I came across a fairly obvious way: through operating
system updates. I admit that I am not up to date on the latest security
research so please excuse me if this has been discussed before or is
'common knowled