[kibwen]

The reason to care about getting the same binary as the rest of the world is that it increases the likelihood that an attack will be detected.

In the case with neither binary transparency or reproducible builds, a nefarious actor can target a single user with a tainted binary and it's unlikely that the user will find out and difficult for them to rule out the possibility of tampering up-front.

In the case with binary transparency but no reproducible builds, a nefarious actor must target all users which makes it more likely that someone will notice, but still difficult for people to rule out tampering up-front.

In the case with reproducible builds but no binary transparency, it's easy for people who are paranoid to rule out tampering with the binary, but people who aren't paranoid are unlikely to discover that their specific binaries were tampered with, so a targeted attack will still probably go undetected.

In the case with both reproducible builds and binary transparency, it only takes one paranoid person discovering a tampered binary to alert the whole world that their own binaries have been tampered with. It's safety in numbers, even for those not technically-literate enough to determine (or even suspect) tampering.

[copper_rose]

Thank you for the clarification. I can see from your examples why binary transparency is a useful concept worth considering in its own right. I still suspect there is a huge amount of overlap between the problems the author is trying to solve and they ones that Nix/Guix has already solved (especially the way they want to use a hashing algorithm to identify the release). I'll bet a general solution for binary transparency could be built - a solution from which practically all software in general could benefit, not just Firefox in particular - by building on top of (or at least learning from) the base that the purely functional software deployment model, as pioneered by Nix, has already given us.

I am not simply saying "They should use Nix" as if that would magically accomplish their goals. I am saying that they could build on top of, or at least learn from, the novel techniques that Nix has contributed to the field of software deployment.

[aaronlevin]

One of the people involved in the reproducible builds project is a NixOS committee. Fairly certain they're aware of nix/guix

[copper_rose]

Does the reproducible builds project have a hand in the project to give Security/Binary Transparency to Firefox? I ask because i don't know, and I saw no language to suggest that in the page linked.