Does the reproducible builds project have a hand in the project to give Security/Binary Transparency to Firefox? I ask because i don't know, and I saw no language to suggest that in the page linked.
Thank you for the clarification. I can see from your examples why binary transparency is a useful concept worth considering in its own right. I still suspect there is a huge amount of overlap between the problems the…
Nix's functional software deployment model is a useful tool for building software reproducibly, but reproducible builds are neither the primary motivation for nor the primary goal of the Nix model. For information on…
I can understand why those scenarios would be concerning. Ultimately, what matters depends on the threat model. I believe that the Nix model can be used as a base for solving issues like the one presented here, and that…
The stated goal is to enable someone to verify "that they have gotten the same version as the rest of the world and not a special, possibly compromised version." This is actually two goals: (1) verify that your version…
Yikes. All those nines of durability that Amazon provided for Dropbox...brought to naught by a bug in Dropbox's software.
The problem is that in many server environments, particularly at scale, the speed of the bootstrap processes of the OS doesn't matter. One of the goals of systemd is to make the bootstrap process faster, which is…
He's hit the nail on the head - systemd's fundamental design is not appropriate for the server environment: "I have to provide a system that runs reliably and can easily be reasoned about and yet I have to build it on…
Does the reproducible builds project have a hand in the project to give Security/Binary Transparency to Firefox? I ask because i don't know, and I saw no language to suggest that in the page linked.
Thank you for the clarification. I can see from your examples why binary transparency is a useful concept worth considering in its own right. I still suspect there is a huge amount of overlap between the problems the…
Nix's functional software deployment model is a useful tool for building software reproducibly, but reproducible builds are neither the primary motivation for nor the primary goal of the Nix model. For information on…
I can understand why those scenarios would be concerning. Ultimately, what matters depends on the threat model. I believe that the Nix model can be used as a base for solving issues like the one presented here, and that…
The stated goal is to enable someone to verify "that they have gotten the same version as the rest of the world and not a special, possibly compromised version." This is actually two goals: (1) verify that your version…
Yikes. All those nines of durability that Amazon provided for Dropbox...brought to naught by a bug in Dropbox's software.
The problem is that in many server environments, particularly at scale, the speed of the bootstrap processes of the OS doesn't matter. One of the goals of systemd is to make the bootstrap process faster, which is…
He's hit the nail on the head - systemd's fundamental design is not appropriate for the server environment: "I have to provide a system that runs reliably and can easily be reasoned about and yet I have to build it on…