From: Patrick Ohly <patrick.ohly@intel.com>
To: Trevor Woerner <twoerner@gmail.com>
Cc: jurobystricky@hotmail.com,
	Patches and discussions about the oe-core layer
	<openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH 0/4] Reproducible binaries
Date: Wed, 26 Apr 2017 09:25:19 +0200
Message-ID: <1493191519.4241.34.camel@intel.com>
In-Reply-To: <CAHUNapRY94uC0W2Z0Y3GCfMSer5HjOW9AWoe_vc3m3MarxG+0A@mail.gmail.com>

On Tue, 2017-04-25 at 19:22 -0400, Trevor Woerner wrote:
> On Tue, Apr 25, 2017 at 2:14 PM, Juro Bystricky
> <juro.bystricky@intel.com> wrote:
> > The variable defaults to "0" (do not
> > build reproducible binaries) in order to minimize any potential
> > regressions. (Once the reproducible binaries code is mature enough,
> > it can be set to "1".)
> 
> My guess is that people would prefer security over reproducibility.

When all machines targeted by an attack run the same build, they also
share the same seeds, regardless of whether that build was reproducible or
not. In that case it doesn't matter, the attack method and complexity
would be the same with or without reproducibility.

It gets a bit harder when targeting multiple different OS builds, but
relying on randomness in the build as a defense against attacks isn't
particularly secure.

If people prefer security, they shouldn't use prelinking and should ensure
that the machines come up with good, per-machine entropy for the random
number generation that needs to happen on the machine.

How much does reproducibility then still matter? I suspect not that
much.

> Maybe we need more consensus for the default value going forward?

Yes, it's worth considering.

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.




