From: Torsten Zühlsdorff
To: kpneal@pobox.com, John Marino
Cc: Kurt Jaeger, FreeBSD Mailing List
Subject: Re: synth documentation
Date: Thu, 11 Feb 2016 09:00:57 +0100

On 10.02.2016 18:29, kpneal@pobox.com wrote:
> On Wed, Feb 10, 2016 at 10:11:25AM +0100, John Marino wrote:
>> On 2/10/2016 10:01 AM, Kurt Jaeger wrote:
>> So I guess [A] could say FreeBSD package builder is compromised
>> (intentionally by FreeBSD project or unknown to all due to a hacker). And
>> I guess that could be possible, but the counter is: If you can't trust
>> packages built by FreeBSD, how can you trust the FreeBSD base not to
>> have a trojan?
>>
>> Which would mean that only the people that *also* build FreeBSD from
>> source would have a leg to stand on.
>>
>> So I will concede that case: If you accept no binaries at all from
>> FreeBSD and only build base and packages from source, then you have a
>> point. But still the response, "Then don't complain" applies. It's a
>> conscious decision and consequences of decisions must be accepted.
>
> Well, no, actually there's no end of it.
>
> Can you trust the compiler used to compile FreeBSD from source?
>
> Can you trust your motherboard's firmware to not install patches onto
> FreeBSD after compiling from source? (This is old hat on Windows to make
> it easy for people to get the right drivers from a fresh install of Windows.)
>
> Can you trust the update procedure for your board's firmware?
>
> Can you trust that there isn't a trojan in your CPU's microcode?
>
> Seriously, it never ends. You just have to pick a level and say you trust
> everything below that.

Not "everything below". It is much easier to trust specific parts instead of everything below a specific part. You can say I trust the assembler part of FreeBSD but not driver X even if both are in the core.

The source of FreeBSD is big and many people are involved. Even when trying to get the same high quality for everything this is not possible. Not only by the involved persons and their various levels of trustfulness - which does not mean they are suspicious. Many bad things happen just because of missing knowledge and not because of criminal attempts. It is also because of the chosen tools including the language.
Many very low level constructs are not completely testable just because of the used language. Oh - and then there are these languages where many parts are undefined, so it is not possible to write a program in a way which is always correct.

The last point is a big advantage of Ada, which is one of the rare languages which is nearly completely defined and whose compiler is tested by "trusted institutions". Of course you can distrust them, but in reality you really feel the difference.

Also distrusting in this level is more a philosophical problem. Why should I end with the microcode in my CPU? I should distrust every doctor, food, institution and person on earth. I should even distrust this paper from this unknown guy, which could be just a very good disinformation technique. There are multiple ones in this manner. There is no guarantee for trust. Maybe I should distrust myself and my existence - there are many stories where a human becomes aware that it is just a simulation. Or lives in a very big TV-show without knowing. You could not know.

But this is wrong. Trust is not something a different person/tool/institution/etc offers to me or gained by somebody or something. Trust is something I am able to. Of course it would be silly to trust everything and everyone. But so is distrusting. You need to learn to handle the case of somebody or something misusing your trust. And how to raise the barrier for a misusage. This can be learned from persons who know this - and they provide far better quality in various parts of our lives; for example in source-code ;)

Greetings,
Torsten