Message-ID: <531BC18B.5040504@holgerdanske.com>
Date: Sat, 08 Mar 2014 17:19:07 -0800
From: David Christensen
To: freebsd-questions@freebsd.org
Subject: Re: Secure Infrastructure [Crypto signed ISO images]

On 03/08/2014 02:31 PM, grarpamp wrote:
> Until the FreeBSD project ...
> (1) moves to a repository ... [that] has an internal crypto hash structure ...
> (2) has and uses deterministic reproducible builds for everything flowing downstream from that ...
> ... signing the periphery may look good to the casual observer, but it is ultimately untraceable in any cryptographic sense to the code from which those periphery elements are purported to come from.

What about the processor microcode, device(s) firmware, BIOS, extension ROM(s), boot managers, boot loaders, kernels, operating systems, installed software, etc., of the machines used to serve the repository and do the builds?

David