So you personally vouch for the machine code in the official release not containing any hidden surprises at present? By the way there is a bug in the text of the FAQ for installing the xenocara source that clobbers usr because it's missing a mkdir -p command for an expected directory.
On Thu., Jun. 15, 2023, 21:00 Theo de Raadt, <dera...@openbsd.org> wrote:

> "Schech, C. W. (\"Connor\")" <sch...@gmail.com> wrote:
>
> > I want to avoid derailing into trusting trust or designing a system
> > from scratch. The official build not being portable and the recursion
> > it introduces is orthogonal to system integrity. Adding say, official
> > distcc support, and bringing back say, GCC avoids that recursion. I am
> > concerned with simple system integrity aspects and cross-build
> > contamination. SLS3 is the current buzzword framework for that, with
> > up-to-date terminology, if you think that adding checksums to objects
> > that are signed is just something I dreamt up that no one is thinking
> > or has thought about. I don't have money to pay a consulting firm to
> > develop a POSIX build script for me that I can run on a junk HP-UX
> > workstation and be "totally assured".
>
> We have signed checksums on the entire install. There is no need to
> revalidate them.
>
> If some attacker is going to attack the relink kit, they are going to
> attack the other 99.9% of the files also. Actually they are more likely
> to attack the other 99.9% of files because it is easier and more
> effective. You are afraid of 2nd and 3rd order problems.
>
> Solving that one little narrow problem of sha256 on .o files in a
> directory is not a step in the same direction as the buzzwords salad
> above.