On 2013-08-17, at 1:50 PM, Jon Callas wrote:

> On Aug 17, 2013, at 12:49 AM, Bryan Bishop <kanz...@gmail.com> wrote:
>
>> Would providing (signed) build vm images solve the problem of
>> distributing your toolchain?
>
> Maybe. The obvious counterexample is a compiler that doesn't
> deterministically generate code, but there's lots and lots of hair in
> there, including potential problems in distributing the tool chain
> itself, including copyrighted tools, libraries, etc.
>
> But let's not rathole on that, and get to brass tacks.
>
> I *cannot* provide an argument of security that can be verified on its
> own. This is Gödel's second incompleteness theorem. A set of
> statements S cannot be proved consistent on its own. (Yes, that's a
> minor handwave.)
>
> All is not lost, however. We can say, "Meh, good enough" and the
> problem is solved. Someone else can construct a *verifier* that is
> some set of policies (I'm using the word "policy" but it could be a
> program) that verifies the software. However, the verifier can only be
> verified by a set of policies that are constructed to verify it. The
> only escape is to decide at some point, "meh, good enough."
Gitian can build projects deterministically such that the result can be corroborated by many parties: <http://gitian.org/>

I don't know if it can be used with the app stores, but it shows that the process is doable for those who really care. Personally I think time is better spent on static analysis, for example.

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
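The two ideas in this exchange, a deterministic build that any party can reproduce byte for byte, and a release that is trusted only once enough independent builders report the same hash, as an added illustration that is not Gitian's code and not from either poster. Everything in it is constructed: the sample source tree, the builder names, and the agreement threshold are assumptions chosen for the demo.

```python
"""Added example: a toy reproducible build plus multi-party corroboration.
Not Gitian's code; sample tree, builder names and the threshold are constructed."""
import hashlib
import io
import os
import tarfile
import time
import uuid
from collections import Counter

# Constructed sample source tree (path -> contents).
SAMPLE_TREE = {
    "src/main.c": b"int main(void) { return 0; }\n",
    "README": b"demo\n",
}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def naive_build(tree):
    """Package the tree the 'obvious' way.  Wall-clock mtimes, dict order and an
    embedded build stamp (think of a __DATE__ string or ld's --build-id=uuid)
    leak into the bytes, so two builds of the same source never match."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        stamp = f"built {time.time_ns()} pid {os.getpid()} id {uuid.uuid4().hex}\n".encode()
        for path, data in list(tree.items()) + [("BUILD_INFO", stamp)]:
            info = tarfile.TarInfo(path)
            info.size = len(data)
            info.mtime = time.time()  # varies per run
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def reproducible_build(tree):
    """Same content with every source of variation pinned: sorted paths, fixed
    mtime, uid/gid 0, no owner names, fixed mode, no compression (gzip would
    embed a timestamp).  Any builder on any machine gets identical bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for path in sorted(tree):
            data = tree[path]
            info = tarfile.TarInfo(path)
            info.size = len(data)
            info.mtime = 0
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def corroborate(attestations, threshold):
    """attestations: {builder: sha256 hex of the artifact that builder produced}.
    Returns (ok, digest, agreeing_builders); ok is True when at least
    `threshold` independent builders report the same digest."""
    if not attestations:
        return False, None, []
    digest, n = Counter(attestations.values()).most_common(1)[0]
    agreeing = sorted(b for b, h in attestations.items() if h == digest)
    return n >= threshold, digest, agreeing


def verify_download(artifact, attestations, threshold):
    """End-user check: the downloaded bytes must hash to the digest that enough
    independent builders corroborated.  Who checks the builders is the
    'meh, good enough' cut-off from the thread; it is a policy, not code."""
    ok, digest, _ = corroborate(attestations, threshold)
    return ok and sha256_hex(artifact) == digest


def simulate(builders, build_fn, tree=SAMPLE_TREE):
    """Every builder builds from the same tree; collect their attestations."""
    return {b: sha256_hex(build_fn(tree)) for b in builders}


if __name__ == "__main__":
    builders = ("alice", "bob", "carol")
    print("naive builds agree:", corroborate(simulate(builders, naive_build), 2)[0])
    att = simulate(builders, reproducible_build)
    print("reproducible builds agree:", corroborate(att, 3)[0])
    print("download verifies:", verify_download(reproducible_build(SAMPLE_TREE), att, 3))
```

Run it as a script: the naive builders never agree, the reproducible ones always do, and `verify_download` only passes when the artifact in hand matches a digest that clears the threshold. Replace one builder's attestation with a naive-build hash to see how the threshold decides whether a single dissenting (or compromised) builder blocks the release.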