IRC channel logs
2020-08-05.log
<akkartik>Of course, the author also claims plausibly deniable 'bugdoors' are easier to write than binary edits. If you believe that I guess everything else is moot.
<akkartik>Anyways, I'm curious to hear your thoughts.
<Profpatsch>akkartik: Just tell them that they can’t use good build caching without reproducibility
<Profpatsch>Because that’s the part that capitalistic companies actually care about
<Profpatsch>wow, I just realized we haven’t mentioned early cutoff once in our blog
<Hagfish>ugh, Tavis, i expected more from you
<Hagfish>"They can still provide malicious source code to the builders for them to build and sign."
<Hagfish>use, and reproducible builds doesn't stop the source code from having bugs either
<OriansJ`>akkartik: well it is true. It is easier to write malicious code in high level languages than it is in binary (at least manually) but it is also much harder to hide malicious code in the long term. Sure things like the International Obfuscated C Code Contest and Underhanded C Contest show the sort of ways of hiding malicious behavior. But complexity is key for hiding bad behavior; all long term code cleanups will inevitably eliminate any
<OriansJ`>personally I think the writer is thinking too much in the perspective of proprietary software distribution; where access to source code doesn't happen and blind trust is the default.