Rutkowska: Security challenges for the Qubes build process
Rutkowska: Security challenges for the Qubes build process
Posted Jun 4, 2016 22:26 UTC (Sat) by deepfire (guest, #26138)In reply to: Rutkowska: Security challenges for the Qubes build process by nevyn
Parent article: Rutkowska: Security challenges for the Qubes build process
Thankfully, a solution to this has been in the works for quite a while:
http://thread.gmane.org/gmane.linux.distributions.nixos/1...
https://github.com/NixOS/nixpkgs/pull/10851
> Also Nix doesn't do anything to validate the source => binary part of the problem.
Indeed, build signing is yet to be added. Or you have something other than signing in mind?
Posted Jun 11, 2016 22:20 UTC (Sat)
by nevyn (guest, #33129)
[Link]
I'm not sure what that is, I hope that doesn't mean nix doesn't sign it's packages yet? The discussion was about reproducible builds (or something similar) which allows you to verify source => build.
Rutkowska: Security challenges for the Qubes build process