On Tue, 2017-04-25 at 19:22 -0400, Trevor Woerner wrote:
> On Tue, Apr 25, 2017 at 2:14 PM, Juro Bystricky
> <juro.bystri...@intel.com> wrote:
> > The variable defaults to "0" (do not
> > build reproducible binaries) in order to minimize any potential
> > regressions. (Once the reproducible binaries code is mature enough,
> > it can be set to "1".)
>
> My guess is that people would prefer security over reproducibility.

When all machines targeted by an attack run the same build, they also share the same seeds, regardless of whether that build was reproducible or not. In that case it doesn't matter, the attack method and complexity would be the same with or without reproducibility.

It gets a bit harder when targeting multiple different OS builds, but relying on randomness in the build as a defense against attacks isn't particularly secure.

If people prefer security, they shouldn't use prelinking and ensure that the machines come up with good, per-machine entropy for the random number generation that needs to happen on the machine. How much does reproducibility then still matter? I suspect not that much.

> Maybe we need more consensus for the default value going forward?

Yes, it's worth considering.

--
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter.