Version v0.1

meeting: Software Transparency

Binary reproducibility & verification protocol (BRVP.ch)


For a long time, we have been shipping binaries to users, and often there is no way for the end user to check whether the software is honest or has been tampered with. Slowly, we are seeing efforts leading to binary reproducibility in open source projects like the Tor Project, Debian and Fedora. This is great! We should develop tools and methodologies to make it easier for developers and users to achieve binary reproducibility.

Next to binary reproducibility, we need a verification protocol: Has this binary been signed by the right developer(s)? Can the binary checksum be reproduced? If not, why not, and what is different? Are certain networks or nation states modifying binaries from certain projects? Many more questions need to be answered.

By working on binary reproducibility and a verification protocol, we make open source and libre software safer and raise the costs for attackers!

This meeting focuses on introducing the concept in a very rough draft and looking at similar efforts and what can be learned from them.

(Note: this talk was cancelled)

Info

Day: 2015-07-10
Start time: 17:00
Duration: 01:00
Room: Egressy
Track: OPSEC
