Date: Sat, 10 Aug 2002 16:43:54 -0700
From: Colin Percival <Colin_Percival@sfu.ca>
To: Wouter Van Hemel <wouter@pair.com>, Colin Percival <Colin_Percival@sfu.ca>
Cc: freebsd-hackers@freebsd.org
Subject: Re: release variability
Message-ID: <5.0.2.1.1.20020810163418.02072c10@popserver.sfu.ca>
In-Reply-To: <1028991462.212.32.camel@cocaine>
References: <5.0.2.1.1.20020810024458.02035e48@popserver.sfu.ca> <5.0.2.1.1.20020808000218.01fcd120@popserver.sfu.ca> <5.0.2.1.1.20020810024458.02035e48@popserver.sfu.ca>

At 16:57 10/08/2002 +0200, Wouter Van Hemel wrote:
>On Sat, 2002-08-10 at 15:13, Colin Percival wrote:
> >   This raises two questions:
> > 1. Is there any way I can set up my system to consistently build the same
> > world?
>
>I think what you're trying to do here is impossible. Every condition would
>have to be the same as on the initial build machine, and even then, your
>time will not always match. Whatever you're trying to do, it seems like
>the wrong solution to me...

   I don't need to build the same result as the machine which built the
published -RELEASE; what I'd like to do, however, is perform various builds
along the RELENG_x_y branch in such a way that I can identify which files
had real changes, so that updates (consisting of only the changed files)
can be published.

> > 2. Is this really a desirable state of affairs at all?  As it is, it is
> > practically impossible for someone to `make release` on their own and
> > compare their version to the official version to ensure that the build was
> > correct.  Reproducibility and verifiability are rather important matters
> > when it comes to security.
> >
>
>There are better ways to check the integrity of the code. The most simple
>way I can think of, is if you e.g. install from a cd, check the md5sum.

   You misunderstand me.  We have to trust the source code we receive; as
it is, we have to either build our own release or trust one machine to
build it for us.  If `make release` always produced the same result given
the same source tree, then several machines could build the release and
publish the md5 sum of the result.  Trusting several independent machines
which agree on an answer is much safer than trusting a single machine (and
makes that single machine less of a target).

Colin Percival
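
The two checks the message describes (finding the files that really changed between builds, and having several builders agree on one digest), sketched as an added example that is not code from this thread or from FreeBSD. SHA-256 stands in for the md5 sum mentioned above; the builder names, file contents and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import Counter

def manifest(root):
    """Map each file under root (relative path) to the SHA-256 of its contents."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for full in (os.path.join(dirpath, name) for name in files):
            with open(full, "rb") as f:
                out[os.path.relpath(full, root)] = hashlib.sha256(f.read()).hexdigest()
    return out

def changed_files(old, new):
    """Paths added, removed, or with different contents between two builds."""
    return sorted(p for p in old.keys() | new.keys() if old.get(p) != new.get(p))

def release_digest(m):
    """Single digest over a manifest; sorted paths keep it order-independent."""
    h = hashlib.sha256()
    for path in sorted(m):
        h.update(f"{path}\0{m[path]}\n".encode())
    return h.hexdigest()

def agreed_digest(published, quorum):
    """Digest published by at least `quorum` builders, else None."""
    top = Counter(published.values()).most_common(1)
    return top[0][0] if top and top[0][1] >= quorum else None

def demo():
    """Constructed sample: three builders; builder3 embeds a build timestamp."""
    trees = {
        "builder1": {"bin/ls": b"ls-v1", "bin/cat": b"cat-v2"},
        "builder2": {"bin/ls": b"ls-v1", "bin/cat": b"cat-v2"},
        "builder3": {"bin/ls": b"ls-v1 built Sat Aug 10", "bin/cat": b"cat-v2"},
        "previous": {"bin/ls": b"ls-v1", "bin/cat": b"cat-v1"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in trees.items():
            for rel, data in files.items():
                path = os.path.join(tmp, name, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(data)
        ms = {name: manifest(os.path.join(tmp, name)) for name in trees}
    old = ms.pop("previous")
    published = {name: release_digest(m) for name, m in ms.items()}
    updates = {name: changed_files(old, m) for name, m in ms.items()}
    return updates, published, agreed_digest(published, quorum=2)
```

In the sample, the builder that embeds a timestamp reports `bin/ls` as changed although its source did not change, and its release digest disagrees with the other two, so only a two-builder quorum is reached.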