Time to resurrect multi-key signatures in RPM?

David A. Wheeler dwheeler at dwheeler.com
Thu Aug 28 22:56:14 UTC 2008

Les Mikesell:
>And if you are really paranoid you have to wonder about the compiler and
>any existing libraries too: http://cm.bell-labs.com/who/ken/trust.html.

I'm actively working on techniques for countering malicious compilers/libraries;
I even had a paper published by ASCAC on the topic:
(The example in the paper was run on Fedora.)

Unsurprisingly, it requires determinism (e.g., recompiling the same
program with the same compiler, on & for the same architecture,
produces the same binary).

This kind of determinism is not something that should be
_required_ for Fedora 10, but it'd be a good thing to shoot for.
Determinism is good for testing & debugging, anyway.  If the compiler,
running on the SAME architecture, generates different code when you
re-run it, some kinds of compiler bugs are devilishly hard to track down.

--- David A. Wheeler 

More information about the fedora-devel-list mailing list