[mosh-devel] Mosh OS X package build on Travis

Jim Cheetham jim.cheetham at otago.ac.nz
Wed Nov 2 20:43:47 EDT 2016


Quoting john hood (2016-11-02 18:45:17)
> This isn't going to happen instantly.  One approach to the trust issue
> here might be to just cop out-- stop doing OS X package builds and tell
> people to build their own, until we get this stuff into better shape.

That probably doesn't really help - just because you can't have a 'perfect' build environment doesn't mean that the world is a better place if you have none :-)

Transparency is the first part: whatever your build method is, make sure it is described so that potential users can make up their own minds about the risks.

Then add as much accountability as possible, in terms of build logs and any artefacts like that, in case someone else can spot a problem that you didn't see on a particular given run. That is also helpful in terms of build quality itself, not just the security issues.

As long as there is a viable path for an end-user to take from the source to a binary without trusting anything else from you, that's great. Some products (e.g. TrueCrypt) were exceptionally difficult to build, which was a problem.

A repeatable build environment with a transparent trusted process? Probably not going to happen in the OS X world very easily, so just take steps to get closer :-)


--
Jim Cheetham, Information Security, University of Otago, Dunedin, N.Z.
✉ jim.cheetham at otago.ac.nz    ☏ +64 3 470 4670    ☏ m +64 21 279 4670
⚷ OpenPGP: B50F BE3B D49B 3A8A 9CC3 8966 9374 82CD C982 0605