On Mon, 1 Apr 2024 17:06:17 +0200
Mark Wielaard <m...@klomp.org> wrote:

> We should discuss what we have been doing and should do more to
> mitigate and prevent the next xz-backdoor. 

Since we're working on a compiler, "On Trusting Trust" comes to mind.
Russ Cox posted some thoughts last year that might be applicable.  

        https://research.swtch.com/nih

On a different tack, ISTM it might also be possible to use quantitative
methods.  AIUI the xz attack was discovered while investigating
exorbitant power consumption.  Could the compiler's power consumption
be measured over some baseline, perhaps on a line-by-line basis?  If
so, each new commit could be power-measured, and deemed acceptable if
it's within some threshold, perhaps 10%.  That's a guess; over time
we'd learn how much variation to expect.  

As a public organization, any would-be attacker would obviously know
what we're doing, and would know to keep his attack under the
threshold. That makes his job harder, which would have the effect of
encouraging him to look elsewhere. 

--jkl
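
An added illustration of the per-commit gate proposed in the message above, not part of the original email or of any project's tooling: it checks each commit's measured cost against both the previous commit and a pinned baseline, which shows why a series of increases that each stay under the 10% threshold still needs a cumulative check. The energy readings, commit ids and function names are constructed for the example, and how the readings are collected is outside its scope.

```python
from statistics import median

THRESHOLD = 0.10  # the 10% guess from the message above

# Constructed sample data: (commit id, repeated energy readings in joules
# for compiling one fixed benchmark). These are not real measurements.
SAMPLES = [
    ("c0", [99.5, 100.0, 101.0]),   # pinned baseline
    ("c1", [103.5, 104.0, 104.5]),
    ("c2", [107.0, 108.0, 109.0]),
    ("c3", [111.0, 112.0, 113.5]),
    ("c4", [129.0, 130.0, 131.0]),
]


def evaluate(samples, threshold=THRESHOLD):
    """Return one verdict per commit after the baseline.

    step  = relative increase over the previous commit
    drift = relative increase over the pinned baseline (first commit)
    Only increases count against the threshold (an assumption of this sketch).
    """
    readings = [(cid, median(vals)) for cid, vals in samples]
    base = prev = readings[0][1]
    rows = []
    for cid, cur in readings[1:]:
        step = (cur - prev) / prev
        drift = (cur - base) / base
        rows.append({"commit": cid, "step": step, "drift": drift,
                     "step_ok": step <= threshold,
                     "drift_ok": drift <= threshold})
        prev = cur
    return rows


def observed_noise(samples):
    """Largest run-to-run spread, (max - min) / median, seen for any commit.

    This is the variation to learn over time: a threshold below it
    would flag measurement noise rather than code changes.
    """
    return max((max(v) - min(v)) / median(v) for _, v in samples)


if __name__ == "__main__":
    for row in evaluate(SAMPLES):
        print(f"{row['commit']}: step {row['step']:+.1%} ok={row['step_ok']}, "
              f"drift {row['drift']:+.1%} ok={row['drift_ok']}")
    print(f"observed noise: {observed_noise(SAMPLES):.1%}")
```

In the constructed data, c1 through c3 each pass the commit-to-commit check, but c3 is already 12% over the pinned baseline.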
