25Ağu
What are the security trade-offs of using reproducible builds?
From reproducible-builds.org:
Reproducible builds are a set of software development practices that create a verifiable path from human readable source code to the binary code used by computers.
In general, it means that given the same source code, you end up with the identical binary. I see that the concept has lots of advantages, but I wonder whether there are disadvantages when you are no longer allowed to use any form of randomization during compilation.
What are the implications of switching to reproducible builds?
- Against which types of attacks will it improve security?
- Against which types of attacks will it reduce security by preventing compilation techniques based on randomization?
