Time to resurrect multi-key signatures in RPM?
David A. Wheeler
dwheeler at dwheeler.com
Thu Aug 28 22:56:14 UTC 2008
>And if you are really paranoid you have to wonder about the compiler and
>any existing libraries too: http://cm.bell-labs.com/who/ken/trust.html.
I'm actively working on techniques for countering malicious compilers/libraries;
I even had a paper published by ASCAC on the topic:
(The example in the paper was run on Fedora.)
Unsurprisingly, it requires determinism (e.g., recompiling the same
program with the same compiler, on & for the same architecture,
produces the same binary).
This kind of determinism is not something that should be
_required_ for Fedora 10, but it'd be a good thing to shoot for.
Determinism is good for testing & debugging, anyway. If the compiler,
running on the SAME architecture, generates different code when you
re-run it, some kinds of compiler bugs are devilishly hard to track down.
--- David A. Wheeler
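The determinism the post asks for (same source, same compiler, same architecture, same binary) can be checked mechanically. The script below is an added illustration, not code from the post or from Fedora: it runs a build command several times and compares SHA-256 hashes of the artifact. The two "builds" are constructed stand-ins (tiny Python one-liners) so it runs anywhere; the second one embeds the build time and pid the way a C source using __TIME__ would, and is caught as non-deterministic.

```python
"""Check whether a build is deterministic by running it repeatedly and
comparing the output artifact's hash. Hypothetical helper, not from the post."""
import hashlib
import os
import subprocess
import sys
import tempfile


def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def check_determinism(build_argv, artifact, runs=3, workdir=None):
    """Run build_argv `runs` times in workdir, removing the artifact between
    runs so every hash comes from a fresh build. Returns (is_deterministic,
    digests) where digests lists the SHA-256 of the artifact in run order."""
    if workdir is None:
        workdir = tempfile.mkdtemp(prefix="detcheck-")
    target = os.path.join(workdir, artifact)
    digests = []
    for _ in range(runs):
        if os.path.exists(target):
            os.remove(target)
        subprocess.run(build_argv, cwd=workdir, check=True)
        if not os.path.exists(target):
            raise RuntimeError("build did not produce %s" % artifact)
        digests.append(sha256_of(target))
    return len(set(digests)) == 1, digests


# Constructed stand-in builds (no compiler needed), run as subprocesses.
# A deterministic build: output depends only on its inputs.
DETERMINISTIC_BUILD = [sys.executable, "-c",
    "open('out.bin', 'wb').write(b'hello, reproducible world')"]
# A non-deterministic build: bakes in build time and pid, like __TIME__ would.
NONDETERMINISTIC_BUILD = [sys.executable, "-c",
    "import os, time; open('out.bin', 'wb').write("
    "('built at %d in pid %d' % (time.time_ns(), os.getpid())).encode())"]

if __name__ == "__main__":
    for name, cmd in (("deterministic", DETERMINISTIC_BUILD),
                      ("non-deterministic", NONDETERMINISTIC_BUILD)):
        ok, digests = check_determinism(cmd, "out.bin")
        print("%s build: %s" % (name, "SAME" if ok else "DIFFERS"))
        for d in digests:
            print("  ", d)
```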
More information about the fedora-devel-list