[pjc50]

Everything on the same LAN should generally be treated as "compromised/not compromised" together. There's rarely just a compromise of one machine in the same way there's never just one cockroach.

I'm not sure whether distcc affects reproducible builds?

You could, in any case, have tighter controls on the release builds, which would be done on a CI machine before signing.

(Back when I used distcc we didn't distribute across the dev machines, we had an entire build farm of two racks of 2U servers!)

[nicce]

> Everything on the same LAN should generally be treated as "compromised/not compromised" together. There's rarely just a compromise of one machine in the same way there's never just one cockroach.

I would not generalise so quickly. Is every computer compromised in the internet if one is compromised?

No. It highly depends on the trust between those machines and whether they share similar services with critical vulnerabilities. Only then, they might be compromised together.

But the world has evolved and not everyone anymore bases their total trust and security thinking for "no outside internet connection, we are fine".

[meinheld111]

> Is every computer compromised in the internet if one is compromised?

Internet is no lan (local area, L2) where computers do indeed typically have more generous policy regarding access between each other.

Think about the windows firewall asking whether you just connected to a work/public/home network

[ilyt]

> Everything on the same LAN should generally be treated as "compromised/not compromised" together. There's rarely just a compromise of one machine in the same way there's never just one cockroach.

That might've been true 10 years ago and still is in some case but I wouldn't assume that now, far more things run over encryption for example, or have firewall