[Cryptech Core] lager

Peter Stuge peter at stuge.se
Mon Feb 23 07:56:57 UTC 2015


Randy Bush wrote:
> >> and seven million lines of gcc is?
> > They are auditable, so yes, potentially transparent.
> 
> and how will we audit seven million lines of code?  and then libc?
> and then ...?

This is an excellent case for ongoing peer review. I agree that
after-the-fact audits are difficult, but at the same time I know
how easy ongoing peer review (of every single commit) is; I've seen
how it can help very much indeed. It takes time, however.


> look at the sad state of the one serious audit, truecrypt.

Do you think that the audit is the reason for the sad state?


> so, potentially cash could fall from the sky.  in the meantime, a few
> billion are under-fed.

There are several different compilers and libc implementations
around, which doesn't just mean one can choose and audit something
else, but it also enables reliable reproducible builds.

https://media.ccc.de/browse/congress/2014/31c3_-_6240_-_en_-_saal_g_-_201412271400_-_reproducible_builds_-_mike_perry_-_seth_schoen_-_hans_steiner.html


//Peter
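The reproducible-builds point above (pinning timestamps, ordering inputs, and comparing digests across independent builders) can be shown with a small script. This is an added example, not code from the original post or from the Cryptech project; the "build" is a toy packaging step over a constructed source tree, and the `SOURCE_DATE_EPOCH` value is just the timestamp of this message used as a fixed build date.

```python
import hashlib
import io
import time
import zipfile

# Constructed sample "source tree" (path -> contents); hypothetical, not a real project.
SOURCE_TREE = {
    "src/main.c": b"int main(void) { return 0; }\n",
    "src/util.c": b"int helper(void) { return 42; }\n",
    "README": b"hypothetical project\n",
}

# Fixed build date (the date of this message), standing in for SOURCE_DATE_EPOCH.
SOURCE_DATE_EPOCH = 1424678217  # 2015-02-23 07:56:57 UTC


def naive_build(tree, when):
    """Package the tree in the order it was handed to us, stamping each entry
    with the wall-clock time. Two builders running at different moments (or
    walking the inputs in a different order) get different bytes, so their
    digests cannot be compared."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in tree.items():
            info = zipfile.ZipInfo(path, date_time=when[:6])
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


def reproducible_build(tree, source_date_epoch):
    """Same package with the usual sources of nondeterminism removed:
    timestamps pinned to SOURCE_DATE_EPOCH (in UTC, not local time),
    entries sorted by path, and a fixed permission mode on every entry."""
    stamp = time.gmtime(source_date_epoch)[:6]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path in sorted(tree):
            info = zipfile.ZipInfo(path, date_time=stamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.external_attr = 0o644 << 16  # normalise the mode bits
            zf.writestr(info, tree[path])
    return buf.getvalue()


def digest(artifact):
    return hashlib.sha256(artifact).hexdigest()


def independently_reproduced(published_digest, local_artifact):
    """What a second, independent builder does: rebuild from the same source
    and compare its own digest with the one that was published. A mismatch
    means either the build is nondeterministic or the inputs/toolchain differ,
    and both are worth investigating before trusting the published binary."""
    return digest(local_artifact) == published_digest


if __name__ == "__main__":
    t0 = time.gmtime(SOURCE_DATE_EPOCH)
    t1 = time.gmtime(SOURCE_DATE_EPOCH + 120)
    print("naive builds two minutes apart match:",
          digest(naive_build(SOURCE_TREE, t0)) == digest(naive_build(SOURCE_TREE, t1)))
    published = digest(reproducible_build(SOURCE_TREE, SOURCE_DATE_EPOCH))
    # A second builder sees the same files but walks them in reverse order.
    other_order = dict(reversed(list(SOURCE_TREE.items())))
    print("reproducible build verified by second builder:",
          independently_reproduced(published, reproducible_build(other_order, SOURCE_DATE_EPOCH)))
```

The first comparison fails and the second succeeds; the difference is only that the second build fixes timestamps, ordering and mode bits, which is what lets several builders (or several toolchains) check each other's output by digest instead of trusting a single build machine.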


