@Yuvalne The #TrustingTrust guy from whose work we then got #DiverseDoubleCompiling?
Anyway yes trust boundaries are cell boundaries. Don't share unnecessary compromising information with outsiders.
#trustingtrust #diversedoublecompiling
Gave a talk at #FOSSY yesterday about #ReproducibleBuilds and #BootstrappableBuilds and how close we are to actually counter the infamous #TrustingTrust attack.
The slides are packaged as a Debian package, including a signed .buildinfo file, so you should be able to recreate my slides bit-for-bit identically!
https://www.aikidev.net/~vagrant/talks/2023/fossy/
However, my actual talk included a fair amount of non-determinism, thanks for all the great questions!
https://2023.fossy.us/schedule/presentation/118/
Videos should be available soon!
#fossy #reproduciblebuilds #bootstrappablebuilds #trustingtrust
good news is that prover9 proves David A. Wheeler's theorems on Diverse Double-Compiling for fully countering #TrustingTrust instantly and gives you rather detailed output.
#bootstrappable #trustingtrust
One of the most exciting real-world applications of #ReproducibleBuilds and #BootstrappableBuilds is securing against #TrustingTrust attacks, known since the 1970s but little has been done to address it. Such attacks are very difficult to pull off, but are devastating if successful.
We successfully built bit-for-bit identical #Mes compiler on several distributions, part of the toolchain used to bootstrap #Guix which is a complete #FreeSoftware distribution.
https://reproducible-builds.org/news/2019/12/21/reproducible-bootstrap-of-mes-c-compiler/
#FreeSoftware #Guix #mes #trustingtrust #bootstrappablebuilds #reproduciblebuilds