On Mon, Oct 9, 2017 at 10:31 AM, Philipp Wagner <n...@philipp-wagner.com>
wrote:

> On 09.10.2017 at 07:31, Tom Ritter wrote:
> > As part of our work with Tor, we’ve been working on getting a MinGW-based
> > build of Windows into TaskCluster.
>
> A maybe too obvious question from the side lines: Why is the Tor browser
> cross-compiled and not using MSVC?
>
>
Building on Linux allows Tor Browser (including its entire toolchain and
dependencies) to be built deterministically and thus reproducibly using an
entirely open source toolchain. (There are a few small exceptions but
they're quite small.)

Reproducible builds significantly reduce the trust inherent in an
organization's build infrastructure and, when recreated independently, ensure
that nothing unexpected was inserted into the final executable. Having the
entire toolchain open source ensures that anyone who wants to inspect the
code or reason about its behavior can do so. (And as I've learned in the
past year Tor actually has a good amount of anonymous contributors reading
the source code of its toolchain and reporting things.)

You can read more about the philosophy behind this movement at
https://blog.torproject.org/deterministic-builds-part-one-cyberwar-and-global-compromise
https://reproducible-builds.org/
CCleaner is a good example of attackers backdooring compiled software.

The next step, past reproducible builds, is Binary Transparency, which
ensures that before an update is applied, it is publicly known, so
attackers cannot surreptitiously subvert the update mechanism.  Tor is
exploring some avenues there. FLAME is a good example of attacking the
update mechanism.

I would describe Mozilla as 'curious' about reproducible builds (see
https://bugzilla.mozilla.org/show_bug.cgi?id=885777); but we are actively
working on Binary Transparency (see
https://bugzilla.mozilla.org/show_bug.cgi?id=1341395).

-tom
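The two checks described in the message above, as an added example that is not part of the thread and not Tor's or Mozilla's own tooling: a reproducibility check that compares artifacts from independent builders and names the dissenter, and a toy binary-transparency log in which a client refuses any update whose digest it cannot prove is in a tree head it already trusts. Hashing follows the RFC 6962 leaf/node domain separation; all builders, release blobs and names are constructed sample data.

```python
import hashlib
from typing import Dict, List, Tuple

# ---- Reproducible builds: compare independently produced artifacts ---------
# Each independent builder hands back the artifact it produced (in practice,
# its digest). If every builder agrees, no single build machine had the chance
# to insert something unnoticed; a lone dissenter is either a non-deterministic
# build or a compromised/misconfigured builder worth investigating.

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_reproducible(artifacts: Dict[str, bytes]) -> Tuple[bool, str, List[str]]:
    """Return (all_agree, reference_digest, builders_that_disagree)."""
    digests = {builder: sha256_hex(blob) for builder, blob in artifacts.items()}
    counts: Dict[str, int] = {}
    for d in digests.values():
        counts[d] = counts.get(d, 0) + 1
    # The most common digest is the reference; sorting first makes ties deterministic.
    reference = max(sorted(counts), key=lambda d: counts[d])
    disagree = sorted(b for b, d in digests.items() if d != reference)
    return (not disagree, reference, disagree)

# ---- Binary transparency: append-only Merkle log of release digests --------
# The publisher appends the digest of every release to a public log before
# shipping it. A client applies an update only if it can prove the update's
# digest is in the log, checked against a tree head it already trusts (e.g. one
# cross-checked with other parties). An update that was never logged has no
# proof and is refused, which denies an attacker a quiet, targeted update.
# Leaf/node hashing uses RFC 6962-style domain separation (assumption).

def _leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()

def _node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n: int) -> int:
    """Largest power of two strictly less than n (n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k

class TransparencyLog:
    def __init__(self) -> None:
        self.leaves: List[bytes] = []

    def append(self, release_digest: str) -> int:
        """Log a release digest; returns its leaf index."""
        self.leaves.append(_leaf_hash(release_digest.encode()))
        return len(self.leaves) - 1

    def root(self) -> bytes:
        if not self.leaves:
            raise ValueError("empty log has no tree head")
        return self._root(self.leaves)

    def inclusion_proof(self, index: int) -> List[Tuple[bool, bytes]]:
        """Sibling hashes from leaf to root as (sibling_is_left, hash) pairs."""
        return self._proof(self.leaves, index)

    def _root(self, leaves: List[bytes]) -> bytes:
        if len(leaves) == 1:
            return leaves[0]
        k = _split(len(leaves))
        return _node_hash(self._root(leaves[:k]), self._root(leaves[k:]))

    def _proof(self, leaves: List[bytes], index: int) -> List[Tuple[bool, bytes]]:
        if len(leaves) == 1:
            return []
        k = _split(len(leaves))
        if index < k:  # leaf is in the left subtree; sibling is the right subtree's root
            return self._proof(leaves[:k], index) + [(False, self._root(leaves[k:]))]
        return self._proof(leaves[k:], index - k) + [(True, self._root(leaves[:k]))]

def verify_inclusion(release_digest: str, proof: List[Tuple[bool, bytes]],
                     trusted_root: bytes) -> bool:
    """Recompute the root from the leaf upwards and compare to the trusted head."""
    h = _leaf_hash(release_digest.encode())
    for sibling_is_left, sibling in proof:
        h = _node_hash(sibling, h) if sibling_is_left else _node_hash(h, sibling)
    return h == trusted_root

def safe_to_apply(update: bytes, proof: List[Tuple[bool, bytes]], trusted_root: bytes) -> bool:
    """Client-side gate: apply only an update whose digest is provably logged."""
    return verify_inclusion(sha256_hex(update), proof, trusted_root)

if __name__ == "__main__":
    # Constructed sample data, not real Tor Browser or Firefox artifacts.
    builds = {"builder-a": b"tbb.exe", "builder-b": b"tbb.exe", "builder-c": b"tbb.exe+extra"}
    print("reproducible:", check_reproducible(builds))
    log = TransparencyLog()
    idx = [log.append(sha256_hex(r)) for r in (b"release-1.0", b"release-1.1", b"release-1.2")]
    head = log.root()
    print("logged update accepted:", safe_to_apply(b"release-1.1", log.inclusion_proof(idx[1]), head))
    print("unlogged update accepted:", safe_to_apply(b"release-1.1-backdoored", log.inclusion_proof(idx[1]), head))
```

The trusted tree head is the whole point of the client-side check: a log operator who colludes with the publisher could still present a consistent-looking proof, so in practice the head is compared with what other clients or monitors have seen rather than taken from the update server alone.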
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform