Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Deterministic builds and software trust [was: Help test Tor Browser!]

adrelanos adrelanos at riseup.net
Thu Jun 20 19:26:44 PDT 2013


Mike Perry:
> This means that software development has to evolve beyond the simple
> models of "Trust my gpg-signed apt archive from my trusted build
> machine", or even projects like Debian going to end up distributing
> state-sponsored malware in short order.

Hi Mike,

Very few, if any, people from the Debian community (or any other disto)
are aware of that threat model yet.

I failed explaining the threat model. So I am looking forward to your
blog post. More publicity about this little known, yet very serious
topic, is important.

Best,
adrelanos



More information about the liberationtech mailing list