[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Compromising Debian Repositories

I think deterministic builds would be the best answer to ensure in long
term being free of backdoors.

A deterministic build process to allows multiple builders to create
identical binaries. This allows multiple parties to sign the resulting
binaries, guaranteeing that the binaries and tool chain were not
tampered with and that the same source was used. It removes the build
and distribution process as a single point of failure. [1]

That should help to defeat any kind of sophisticated backdoor on build

[1] Credit for most of this post goes to http://gitian.org/.

Reply to: