From eugen@leitl.org Fri Aug 23 07:30:09 2013 From: Eugen Leitl To: cypherpunks@lists.cpunks.org Subject: Re: [liberationtech] Deterministic Builds Part One: Cyberwar and Global Compromise Date: Fri, 23 Aug 2013 13:30:06 +0200 Message-ID: <20130823113006.GO29404@leitl.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1358306285960437811==" --===============1358306285960437811== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable ----- Forwarded message from phreedom(a)yandex.ru ----- Date: Fri, 23 Aug 2013 00:21:25 +0300 From: phreedom(a)yandex.ru To: liberationtech Subject: Re: [liberationtech] Deterministic Builds Part One: Cyberwar and Glo= bal Compromise User-Agent: KMail/4.10.5 (Linux/3.9.11; KDE/4.10.5; i686; ; ) Reply-To: liberationtech > I think a lot of people would benefit from reading Mike Perry's latest > blog post. He addresses how The Tor Project is working towards the > problems referenced by Zooko in his latest open letter to Silent Circle: > "Current popular software development practices simply cannot survive > targeted attacks of the scale and scope that we are seeing today. " NixOS distro[1] takes build reproducibility seriously and build determinism i= s=20 being worked on. I have patched the most important toolchains to not systematically introduce = non-determinism[2]. Some of the patches are in the master branch already, som= e=20 are in the staging branch and will be merged in a month or two. These patches= =20 are sufficient to make a large subset of package builds deterministic. After the merge, I'll do another round this time fixing non-determinism due t= o=20 quirks of build systems of specific packages. Luckily, there aren't that many= =20 packages like Firefox and luckily Firefox has been already tackled by someone= =20 else :) I'm committed to making at least installation media, typical desktop and=20 server installs fully deterministic. [1] http://nixos.org/nixos/ [2] http://lists.science.uu.nl/pipermail/nix-dev/2013-June/011357.html --=20 Liberationtech is a public list whose archives are searchable on Google. Viol= ations of list guidelines will get you moderated: https://mailman.stanford.ed= u/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change p= assword by emailing moderator at companys(a)stanford.edu. ----- End forwarded message ----- --=20 Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5 --===============1358306285960437811==--