Reproducible but individually signed?
Posted Mar 10, 2025 10:11 UTC (Mon) by SLi (subscriber, #53131)
In reply to: Reproducible but individually signed? by Niflmir
Parent article: Hash-based module integrity checking
> If you have independently verified that a build is reproducible, then having an external signature does not in practice harm the reproducibility; and if you trust the signer to have signed the authentic output, verifying that signature against your build guarantees that you have the same result.
If so:
I think that depends on whether we want to have signatures _within_ the artifact being reproduced (such as the kernel) or external to it. If the signatures need to be inside what we measure *and* what we want to be reproducible, I don't think that's feasible. I think your comment aligns with what I suggested about moving the signature outside the reproducibility scope.
That is, if we have a package that doesn't itself contain PKI that you are supposed to be in control of inside the scope of reproducibility, then, yes, we could verify an external signature against the build artifact. But that's not the use case here. Here we want to have a kernel package that inherently contains a public key and verifies signatures on modules that are loaded. It needs this to implement the functionality of verifying that the modules it loads are legitimate (blessed by you).
Sure, we could make a "reproducible" kernel build where we just embed a key that someone else generated and have all kernel modules contain a signature by this third party, as long as we never modify them. This would allow us to load exactly these blessed versions. It would also enable us to rebuild that precise kernel and load exactly those modules, but we couldn't modify a module's source code and load it because the signature check would fail. On the other hand, this third party would be able to sign a malicious module and load it on the computer. I find this less than ideal.
And my point is that unless we have a method to have the signatures and the public key outside the scope of reproducibility, that is fundamentally, *definitionally* incompatible with the user having control over the signatures (it's by definition not a useful cryptographic signature if anyone can reproduce it).
OTOH what I think could be done, in principle, is to move the signing part out of the kernel building part, but that would require some infrastructure. We could have a "kernel with holes for signatures" that is reproducible and that could be turned into a non-reproducible "kernel with signatures". If something like this were to happen, I'd hope the mechanism would be generic enough that it's not a one-off for the kernel use case, since the problem is clearly more generic than that.
But I also don't think it's possible to just wave hands here and say that the kernel people or cryptographers need to find a solution that satisfies the constraints the way we now measure reproducibility, because that is actually very deeply, definitionally impossible, like a square with three sides.
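
The "kernel with holes for signatures" idea from the comment above, sketched as an added example that is not part of the comment or of any kernel tooling: the digest compared for reproducibility skips a reserved hole, which each owner fills after the build. The `KIMG` layout, the 32-byte trailing hole and the function names are hypothetical, and HMAC-SHA256 with a per-user secret stands in for a real asymmetric signature.

```python
import hashlib
import hmac

SLOT_LEN = 32      # size of the reserved signature hole (assumed)
MAGIC = b"KIMG"    # constructed image header, not a real format


def build_unsigned(source: bytes) -> bytes:
    """Deterministic stand-in for a build: same source, same bytes, hole zeroed."""
    body = MAGIC + hashlib.sha256(source).digest() + source
    return body + bytes(SLOT_LEN)


def _with_hole_zeroed(image: bytes) -> bytes:
    # The hole position is fixed by the format (a trailer), never read from
    # data inside the image, so an image cannot widen its own hole.
    if len(image) < len(MAGIC) + SLOT_LEN or not image.startswith(MAGIC):
        raise ValueError("not a recognised image")
    return image[:-SLOT_LEN] + bytes(SLOT_LEN)


def reproducible_digest(image: bytes) -> str:
    """Digest third parties compare: everything except the hole contents."""
    return hashlib.sha256(_with_hole_zeroed(image)).hexdigest()


def fill_hole(image: bytes, user_key: bytes) -> bytes:
    """Post-build step by the machine owner; output is no longer bit-identical."""
    unsigned = _with_hole_zeroed(image)
    tag = hmac.new(user_key, unsigned, hashlib.sha256).digest()
    return unsigned[:-SLOT_LEN] + tag


def verify(image: bytes, user_key: bytes) -> bool:
    """Check the hole contents against the rest of the image."""
    expected = hmac.new(user_key, _with_hole_zeroed(image), hashlib.sha256).digest()
    return hmac.compare_digest(image[-SLOT_LEN:], expected)


if __name__ == "__main__":
    src = b"constructed module source"
    alice = fill_hole(build_unsigned(src), b"alice-private-key")
    bob = fill_hole(build_unsigned(src), b"bob-private-key")
    print("bit-identical:", alice == bob)
    print("same reproducible digest:",
          reproducible_digest(alice) == reproducible_digest(bob))
    print("alice's key accepts bob's image:", verify(bob, b"alice-private-key"))
```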
 
           