[liberationtech] Deterministic Builds Part One: Cyberwar and Global Compromise
phreedom at yandex.ru
Thu Aug 22 14:21:25 PDT 2013
> I think a lot of people would benefit from reading Mike Perry's latest
> blog post. He addresses how The Tor Project is working towards the
> problems referenced by Zooko in his latest open letter to Silent Circle:
> "Current popular software development practices simply cannot survive
> targeted attacks of the scale and scope that we are seeing today. "

The NixOS distro[1] takes build reproducibility seriously, and build determinism is
being worked on.

I have patched the most important toolchains to not systematically introduce
non-determinism[2]. Some of the patches are in the master branch already, some
are in the staging branch and will be merged in a month or two. These patches
are sufficient to make a large subset of package builds deterministic.

After the merge, I'll do another round, this time fixing non-determinism due to
quirks of build systems of specific packages. Luckily, there aren't that many
packages like Firefox, and luckily Firefox has already been tackled by someone
else :)

I'm committed to making at least installation media, typical desktop and
server installs fully deterministic.

[1] http://nixos.org/nixos/
[2] http://lists.science.uu.nl/pipermail/nix-dev/2013-June/011357.html