I think deterministic builds would be the best answer to ensure being free of backdoors in the long term.

A deterministic build process allows multiple builders to create identical binaries. This allows multiple parties to sign the resulting binaries, guaranteeing that the binaries and tool chain were not tampered with and that the same source was used. It removes the build and distribution process as a single point of failure. [1]

That should help to defeat any kind of sophisticated backdoor on build machines.

[1] Credit for most of this post goes to http://gitian.org/.

Archive: http://lists.debian.org/51fcca78.5080...@riseup.net
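The multi-party signing model described in the post, as an added example that is not from the original message or from gitian.org: each independent builder attests to the hash of the binary it produced, and a verifier accepts the artifact only when a threshold of distinct builders agree on the same hash for the same source revision, so a single compromised build machine is outvoted rather than trusted. Builder names, keys and the use of HMAC as a stand-in for OpenPGP signatures are assumptions made for this example.

```python
import hashlib
import hmac
import json
from collections import Counter

# Constructed builder keys (assumption: in a real Gitian-style setup these
# would be the builders' OpenPGP public keys, not shared secrets).
BUILDER_KEYS = {
    "alice": b"alice-secret-key",
    "bob": b"bob-secret-key",
    "carol": b"carol-secret-key",
}


def artifact_hash(artifact):
    """SHA-256 of the built binary, the value the builders must agree on."""
    return hashlib.sha256(artifact).hexdigest()


def attest(builder, source_rev, artifact):
    """Builder signs (builder, source revision, artifact hash)."""
    payload = json.dumps(
        {"builder": builder, "source": source_rev, "sha256": artifact_hash(artifact)},
        sort_keys=True,
    )
    sig = hmac.new(BUILDER_KEYS[builder], payload.encode(), "sha256").hexdigest()
    return {"payload": payload, "sig": sig}


def verify_attestations(attestations, source_rev, threshold):
    """Return the agreed hash if at least `threshold` distinct, validly
    signed builders report the same hash for `source_rev`, else None."""
    votes = {}  # builder -> reported hash; one vote per builder
    for att in attestations:
        data = json.loads(att["payload"])
        key = BUILDER_KEYS.get(data["builder"])
        if key is None:
            continue  # unknown builder, no vote
        expected = hmac.new(key, att["payload"].encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, att["sig"]):
            continue  # forged or corrupted attestation
        if data["source"] != source_rev:
            continue  # attests a different source revision
        votes[data["builder"]] = data["sha256"]
    if not votes:
        return None
    digest, count = Counter(votes.values()).most_common(1)[0]
    return digest if count >= threshold else None
```

A disagreeing builder is the signal worth investigating: it means either that builder's machine or toolchain was tampered with, or the build is not actually deterministic.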