is a very, very lofty goal. Taken to the extreme, I don't understand C fully. Does this mean that I should stop using the Linux kernel? Should we all channel our inner Terry Davis and make our own TempleOS's?
Meanwhile a simplified threat model would look something like this:
(P.S. keep in mind that I'm just typing this out as I'm thinking about it, obviously a proper such document would be much longer and more thought out)
The problem statement is that the binary cannot be easily confirmed to correspond to the source code. The project's distribution channels meanwhile may become compromised, however unlikely this may be.
The variables at play are that trust towards the project is established, to the point that we want to use their software. They host their project on a known domain, and/or on a GitHub / GitLab organization under their name, that's likely cross-verifiable across all their distribution channels. Therefore, we know and trust that those are the channels they use.
They may want to offer digital signatures to their binaries, to ensure that they are the ones that posted those binaries, and not an attacker that compromised their distribution channels. Or they may offer a checksum, but that can be replaced by the attacker too. So checksums are ineffective.
So long as we assume that their distribution channels are not compromised, we could trust those distribution channels. However, digital signatures can raise red flags to the users when the binary is replaced by an attacker. Their presence would be beneficial.
Reproducible code is another possible solution to this problem. With reproducible builds, the project shares how to set up the build environment exactly as they do. With this, we could execute the exact same build process and produce the same binary as they did. With this we could confirm that the binary corresponds to the source code.
Your long texts make me believe you're an AI language model talking 😆
He was the best essay maker in the school XD
We aren't on Twitter, man
I didn't say that in a mean way
Checksums are meant for file integrity and not for security. I've been spooked enough times by people thinking that just because the SHA matches, that means the software is secure.
Twitter doesn't exist
Don't worry, I didn't perceive it as such either. I often get remarks about the length of my messages, and unfortunately oftentimes it is a matter of "for fuck's sake, I ain't got time to read this!"... Meanwhile, this didn't strike me as such at all. Quite refreshing actually, I'm glad that there are still people that don't subscribe to the tweet/reel culture :)
You could still improve, this is my friend
Omg hahaha, I tip my hat to your friend! 😁
I like long messages because I'm not a native English speaker, so this way I can learn some new words
I dislike them for the same exact reason
Yeah, non-professional way of learning
A video format that should've never existed