[Nix-dev] Sidestepping the community builds trust issue?

Alexander Kjeldaas ak at formalprivacy.com
Sat Dec 26 11:59:18 CET 2015


On Sat, Dec 26, 2015 at 10:25 AM, Michael Raskin <7c6f434c at mail.ru> wrote:

> >If web-of-trust is the best solution, and the only blocker is build
> >reproducibility, how about trying to classify build differences?
> >
> >Each of the differences will have a reason, and either we can fix the
> >build to be deterministic (e.g. timestamps, build paths), or we can
> >classify a class of changes as equivalent (e.g. optimizations resulting
> >in equivalent code, prelinking).
>
> Do we want to do something about Profile Guided Optimisation, for
> example? I think GCC builds itself with PGO after bootstrapping, and
> I don't know what other packages use some amount of unreproducible PGO.
>
>
PGO is in theory reproducible; it just has another input, which is the
profile data.  The question is whether it is possible to attack an
otherwise trusted build using fake profile input.

If the profile input is not a usable attack vector, then all that is needed
is consensus on which input to use for a PGO compilation.  This is easier
than the trust issue.

Alexander