----- Forwarded message from phreedom@yandex.ru ----- Date: Fri, 23 Aug 2013 00:21:25 +0300 From: phreedom@yandex.ru To: liberationtech <liberationtech@lists.stanford.edu> Subject: Re: [liberationtech] Deterministic Builds Part One: Cyberwar and Global Compromise User-Agent: KMail/4.10.5 (Linux/3.9.11; KDE/4.10.5; i686; ; ) Reply-To: liberationtech <liberationtech@lists.stanford.edu>
I think a lot of people would benefit from reading Mike Perry's latest blog post. He addresses how The Tor Project is working towards the problems referenced by Zooko in his latest open letter to Silent Circle:
"Current popular software development practices simply cannot survive targeted attacks of the scale and scope that we are seeing today. "
NixOS distro[1] takes build reproducibility seriously and build determinism is being worked on. I have patched the most important toolchains to not systematically introduce non-determinism[2]. Some of the patches are in the master branch already, some are in the staging branch and will be merged in a month or two. These patches are sufficient to make a large subset of package builds deterministic. After the merge, I'll do another round this time fixing non-determinism due to quirks of build systems of specific packages. Luckily, there aren't that many packages like Firefox and luckily Firefox has been already tackled by someone else :) I'm committed to making at least installation media, typical desktop and server installs fully deterministic. [1] http://nixos.org/nixos/ [2] http://lists.science.uu.nl/pipermail/nix-dev/2013-June/011357.html -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys@stanford.edu. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5