by pshirshov 63 days ago
But sorta possible to solve with source-based distribution and totally possible to solve with pure reproducible builds.
2 comments

It's entirely possible to ship malware in source form... Just look at the numerous supply chain attacks. Nix is a cute project but entirely irrelevant here.
It is possible but visible, and it means burning an identity, so it's not irrelevant.
Burning an identity? Instead of hacking the server that serves the binary, you have to hack the developer's machine and commit a malicious source change.

I wouldn't consider either of them to burn an identity.

What systems have pure reproducible builds? Does Nix? Any others? From what I understand, it is a very difficult problem.
https://stal-ix.github.io/ and Guix, but the definitions of purity are different for them.

Yes, a very difficult problem: compilers must be pure functions with thin effectful wrappers.
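An added example to illustrate the "pure function with a thin effectful wrapper" point and the "visible vs. hidden" distinction argued above; this is not code from the thread, from Nix, Guix or stal-ix. The "build" here is only packaging a constructed source tree into a tar archive and hashing it, because a compiler has exactly the same failure mode: wall-clock time, the builder's account, the checkout path and directory listing order leak into the output unless they are pinned. `SOURCE`, `ENV_A`, `ENV_B` and all function names are constructed for the example.

```python
"""Added example (not from the thread or any of the projects it names).

Two versions of the same packaging step: an impure one whose output depends
on the build environment, and a pure one that depends only on the inputs.
A second, independent builder can confirm the pure one by rebuilding.
"""
import hashlib
import io
import tarfile

# Constructed sample "source tree" (path -> contents); not a real project.
SOURCE = {
    "src/main.c": b"int main(void) { return 0; }\n",
    "src/util.c": b"int util(void) { return 1; }\n",
    "Makefile": b"all:\n\tcc -o app src/*.c\n",
}

# Constructed build environments for two different builders.
ENV_A = {"now": 1700000000, "uid": 1000, "user": "alice",
         "build_dir": "/home/alice/proj", "listing_order": list(SOURCE)}
ENV_B = {"now": 1700003600, "uid": 1001, "user": "bob",
         "build_dir": "/tmp/build", "listing_order": sorted(SOURCE)}


def _entry(path, data, mtime, uid, uname):
    """Build a tar header; every field set here ends up in the artifact."""
    info = tarfile.TarInfo(name=path)
    info.size = len(data)
    info.mtime = mtime
    info.uid = uid
    info.uname = uname
    info.mode = 0o644
    return info


def impure_build(tree, env):
    """Typical non-reproducible shape: the output depends on things that are
    not inputs (clock, uid/user, checkout path, filesystem listing order)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path in env["listing_order"]:
            data = tree[path]
            full = env["build_dir"].rstrip("/") + "/" + path  # path leaks in
            info = _entry(full, data, env["now"], env["uid"], env["user"])
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def pure_build(tree, source_date_epoch=0):
    """Reproducible shape: a function of the inputs only.  Sorted order,
    relative paths, fixed ownership and a pinned timestamp (the same idea as
    the SOURCE_DATE_EPOCH convention used by real reproducible-build tooling)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path in sorted(tree):
            data = tree[path]
            info = _entry(path, data, source_date_epoch, 0, "root")
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def digest(artifact):
    return hashlib.sha256(artifact).hexdigest()


def independent_rebuild_matches(published_digest, tree, build=pure_build):
    """What an independent second builder does: rebuild from the same source
    and compare digests.  An artifact swapped on the download server fails
    this check; a malicious change in the *source* passes it, but then the
    change sits in the tree where it can be read and attributed."""
    return digest(build(tree)) == published_digest


if __name__ == "__main__":
    ref = digest(pure_build(SOURCE))
    print("pure build reproducible :", independent_rebuild_matches(ref, SOURCE))
    print("impure builds agree     :",
          digest(impure_build(SOURCE, ENV_A)) == digest(impure_build(SOURCE, ENV_B)))
    tampered = dict(SOURCE, **{"src/util.c": b"int util(void) { return 2; }\n"})
    print("tampered source matches :", independent_rebuild_matches(ref, tampered))
```

The impure build is still deterministic for a fixed environment; it is the environment, not the inputs, that varies between builders, which is why pinning it (the "thin effectful wrapper") is the whole job.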