[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Time to resurrect multi-key signatures in RPM?



Les Mikesell:
>And if you are really paranoid you have to wonder about the compiler and
>any existing libraries too: http://cm.bell-labs.com/who/ken/trust.html.

I'm actively working on techniques for countering malicious compilers/libraries;
I even had a paper published by ASCAC on the topic:
http://www.dwheeler.com/trusting-trust/
(The example in the paper was run on Fedora.)

Unsurprisingly, it requires determinism (e.g., recompiling the same
program with the same compiler, on & for the same architecture,
produces the same binary).

This kind of determinism is not something that should be
_required_ for Fedora 10, but it'd be a good thing to shoot for.
Determinism is good for testing & debugging, anyway.  If the compiler,
running on the SAME architecture, generates different code when you
re-run it, some kinds of compiler bugs are devilishly hard to track down.

--- David A. Wheeler 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]