[issue25255] Security of CPython Builds
phelix added the comment:

@Brett: Thanks for the info, I had not noticed PEP 101 had been updated.

@Paul: Ah, I had not found PCBuild/readme.txt yet. I did look at the devguide but I got the impression it was mostly meant for debug builds.

> Basically through trusting the people who produce the builds.

I assume these builders are very experienced and well known developers (thanks btw I like Python very much). I would trust them a very long way. But it is not their integrity that is in question. Python is so popular that there might be large monetary (and other) incentives to force builders into something. Just for Bitcoin alone probably millions of dollars. I was only recently made aware of this by Namecoin team members (and this [1] video about reproducible builds from CCC14) but as far as I see it now there is a very valid core in their argumentation.

Our well respected team member Joseph Bisch has looked into reproducible builds of CPython and concluded that it might be a difficult thing to do with a project as large as Python [2].

But maybe there are other ways to make builds more secure? I realize it is a lot I am asking here but build security will certainly get more and more important with time. Could things be improved by getting several developers together to create a secure VM as a starting point that makes reproducible builds easier?

[1] https://media.ccc.de/browse/congress/2014/31c3_-_6240_-_en_-_saal_g_-_201412271400_-_reproducible_builds_-_mike_perry_-_seth_schoen_-_hans_steiner.html#video&t=18
[2] https://forum.namecoin.info/viewtopic.php?p=15869#p15869

--
___
Python tracker <http://bugs.python.org/issue25255>
___
___
Python-bugs-list mailing list
Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25255] Security of CPython Builds
phelix added the comment:

Thank you all for your responses.

> Having read your link [2] above (at least briefly), it seems the aim is to
> compare hashes of builds from multiple people to verify that nobody
> maliciously modified the binaries.

Exactly. Also it might protect the people actually doing the builds from extortion and accusations from backdoor victims (e.g. in case of hacked build system).

> That isn't going to work for Windows because we cryptographically sign the
> binaries. The only people who could produce bit-for-bit identical builds are
> those trusted by the PSF, and not independent people. So if you don't trust
> the PSF and implicitly the people trusted by the PSF, you can't actually do
> anything besides building your own version and using that.

Joseph tried just that but ran into issues.

> However, the rest of the build is so automated that other personal variations
> will not occur. As I mentioned above, I have exactly one batch file to build
> the full span of releases for Windows, and I just run that. It's public and
> in the repo, so anyone else can also run it, they just won't get bit-for-bit
> identical builds because of timestamps, embedded paths, and certificates.

Timestamps and paths should be handled by the Gitian secure build system (cross compile).

From my point this issue can be closed as my questions are answered. We will take another look at building reproducibly. If we run into problems I will create another issue here in the hope you can help again. :)
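The hash comparison discussed in the message above, as an added example that is not part of the original thread and is not CPython or Gitian tooling: each independent builder reports a SHA-256 per artifact, and a digest is accepted only when enough builders agree on it. Builder names, artifact names and byte strings are constructed for illustration; the third builder's installer differs only by an embedded timestamp, the kind of variation the thread says prevents bit-for-bit identical builds.

```python
import hashlib
from collections import Counter, defaultdict


def compare_builds(manifests, threshold):
    """manifests: {builder: {artifact: sha256 hex}}. A digest is accepted only
    if at least `threshold` builders report it and no other digest ties it."""
    votes = defaultdict(dict)  # artifact -> {builder: digest}
    for builder, artifacts in manifests.items():
        for name, digest in artifacts.items():
            votes[name][builder] = digest.lower()

    report = {}
    for name, by_builder in sorted(votes.items()):
        counts = Counter(by_builder.values())
        top_digest, top_count = counts.most_common(1)[0]
        tied = list(counts.values()).count(top_count) > 1
        if tied or top_count < threshold:
            # Not enough independent agreement: accept nothing.
            report[name] = {"status": "no-consensus", "digest": None,
                            "dissenters": sorted(by_builder)}
            continue
        dissenters = sorted(b for b, d in by_builder.items() if d != top_digest)
        report[name] = {"status": "mismatch" if dissenters else "reproduced",
                        "digest": top_digest, "dissenters": dissenters}
    return report


def demo_manifests():
    """Constructed sample: three hypothetical builders, two artifacts."""
    def digest(data):
        return hashlib.sha256(data).hexdigest()
    runtime = b"constructed runtime bytes"
    installer = b"constructed installer bytes "
    same = {"runtime.bin": digest(runtime),
            "installer.bin": digest(installer + b"timestamp=0")}
    # builder-c embeds its own build time, so its installer digest differs.
    drift = {"runtime.bin": digest(runtime),
             "installer.bin": digest(installer + b"timestamp=1443657600")}
    return {"builder-a": dict(same), "builder-b": dict(same), "builder-c": drift}


if __name__ == "__main__":
    for name, result in compare_builds(demo_manifests(), threshold=2).items():
        print(name, result["status"], result["dissenters"])
```

A "mismatch" result only says which builder disagrees with the majority; deciding whether the cause is a benign timestamp or a modified binary still requires diffing the artifacts.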
[issue25255] Security of CPython Builds
New submission from phelix bitcoin:

A description of the build and release process for CPython binaries (e.g. for Windows) would be great. Maybe I am missing something? I could not find any information other than the 14-year-old PEP 101 which says: "Notify the experts that they can start building binaries."

E.g. how is it ensured there are no backdoors in the binaries?

Background: For the Namecoin project we are currently discussing the potential necessity of reproducible builds.

--
assignee: docs@python
components: Build, Devguide, Documentation, Windows
messages: 251753
nosy: docs@python, ezio.melotti, paul.moore, phelix bitcoin, steve.dower, tim.golden, willingc, zach.ware
priority: normal
severity: normal
status: open
title: Security of CPython Builds
type: enhancement