Re: Time to resurrect multi-key signatures in RPM?

Les Mikesell:
>And if you are really paranoid you have to wonder about the compiler and
>any existing libraries too: http://cm.bell-labs.com/who/ken/trust.html.

I'm actively working on techniques for countering malicious compilers/libraries;
I even had a paper published by ACSAC on the topic:
http://www.dwheeler.com/trusting-trust/
(The example in the paper was run on Fedora.)

Unsurprisingly, it requires determinism (e.g., recompiling the same
program with the same compiler, on & for the same architecture,
produces the same binary).

This kind of determinism is not something that should be
_required_ for Fedora 10, but it'd be a good thing to shoot for.
Determinism is good for testing & debugging, anyway.  If the compiler,
running on the SAME architecture, generates different code when you
re-run it, some kinds of compiler bugs are devilishly hard to track down.

--- David A. Wheeler 

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
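
A small check for the determinism property described in the message above, added here as an example (it is not code from the post or from the linked paper): it runs one compile command several times in fresh directories and compares SHA-256 digests of the output. The two toy "compilers", the sample source and the `@SRC@`/`@OUT@` token convention are constructed for illustration.

```python
import hashlib
import subprocess
import sys
import tempfile
from pathlib import Path

SOURCE = "int main(void) { return 0; }\n"  # constructed sample input

# Constructed stand-ins for a compiler: argv lists with @SRC@/@OUT@ tokens.
# STABLE_CC's output depends only on the input bytes.
STABLE_CC = [sys.executable, "-c",
             "import sys; d = open(sys.argv[1], 'rb').read();"
             "open(sys.argv[2], 'wb').write(d[::-1])", "@SRC@", "@OUT@"]
# UNSTABLE_CC also embeds the build directory, as debug info often does.
UNSTABLE_CC = [sys.executable, "-c",
               "import os, sys; d = open(sys.argv[1], 'rb').read();"
               "open(sys.argv[2], 'wb').write(os.getcwd().encode() + d)",
               "@SRC@", "@OUT@"]


def build_digest(compile_cmd, source_text, workdir):
    """Compile source_text once inside workdir; return SHA-256 of the output."""
    work = Path(workdir)
    src, out = work / "input.c", work / "output.bin"
    src.write_text(source_text)
    argv = [a.replace("@SRC@", str(src)).replace("@OUT@", str(out))
            for a in compile_cmd]
    subprocess.run(argv, check=True, cwd=work)
    return hashlib.sha256(out.read_bytes()).hexdigest()


def is_deterministic(compile_cmd, source_text, runs=3):
    """Rebuild `runs` times in fresh directories and compare the digests."""
    digests = set()
    for _ in range(runs):
        with tempfile.TemporaryDirectory() as workdir:
            digests.add(build_digest(compile_cmd, source_text, workdir))
    return len(digests) == 1, sorted(digests)


if __name__ == "__main__":
    for name, cc in (("stable", STABLE_CC), ("unstable", UNSTABLE_CC)):
        same, digests = is_deterministic(cc, SOURCE)
        print(f"{name}: deterministic={same}, distinct outputs={len(digests)}")
```

To try a real compiler, pass an argv list such as `["gcc", "-c", "@SRC@", "-o", "@OUT@"]` in place of the toy commands.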
