Post Syndicated from corbet original http://lwn.net/Articles/689165/rss
Qubes founder Joanna Rutkowska writes about how Qubes
works to avoid building compromised software into its distribution.
“Ultimately, we would like to introduce a multiple-signature scheme,
in which several developers (from different countries, social circles,
etc.) can sign Qubes-produced binaries and ISOs. Then, an adversary would
have to compromise all the build locations in order to get backdoored
versions signed. For this to happen, we need to make the build process
deterministic (i.e. reproducible). Yet, this task still seems to be years
ahead of us.”