From: Mark Wielaard <mark@klomp.org>
To: joel@rtems.org, Florian Weimer <fweimer@redhat.com>
Cc: Guinevere Larsen via Overseers <overseers@sourceware.org>,
Sandra Loosemore <sloosemore@baylibre.com>,
Guinevere Larsen <blarsen@redhat.com>, GCC <gcc@gcc.gnu.org>,
binutils <binutils@sourceware.org>,
Eli Zaretskii via Gdb <gdb@sourceware.org>,
libc-alpha@sourceware.org
Subject: Re: Sourceware mitigating and preventing the next xz-backdoor
Date: Thu, 04 Apr 2024 12:25:50 +0200 [thread overview]
Message-ID: <360cbb4acf611f46d2d9bc84d813709aea639a27.camel@klomp.org> (raw)
In-Reply-To: <CAF9ehCVOBkcckhQVimfgCQBh7=EE9f_7y-7+YoWicCp=CjHUqA@mail.gmail.com>
Hi,
On Wed, 2024-04-03 at 08:53 -0500, Joel Sherrill wrote:
> On Wed, Apr 3, 2024, 3:09 AM Florian Weimer via Gdb <gdb@sourceware.org> wrote:
> > * Guinevere Larsen via Overseers:
> >
> > > Beyond that, we (GDB) are already experimenting with approved-by, and
> > > I think glibc was doing the same.
> >
> > The glibc project uses Reviewed-by:, but it's completely unrelated to
> > this. Everyone still pushes their own patches, and there are no
> > technical countermeasures in place to ensure that the pushed version is
> > the reviewed version.
>
> Or that there isn't "collusion" between a malicious author and reviewer.
> Just tagging it approved or reviewed by just gives you two people to blame.
> It is not a perfect solution either.
>
> But double checking and checklists are good practices.
> They are not foolproof if some bad actor is determined enough.
Agreed. If you just focus on completely fool proof technically
checkable measures then you end up doing nothing. But making things
like always getting a Reviewed-by or Tested-by tag in your commit
message does strengthen the social norms. And once they are common
practice you could even add some technical checks.
I am sure a really determined bad actor can always find some social or
technical engineering trick to "defeat" our project policies. But that
doesn't mean we shouldn't do things which are good practices anyway.
Cheers,
Mark
next prev parent reply other threads:[~2024-04-04 10:25 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-29 20:39 Security warning about xz library compromise Mark Wielaard
2024-04-01 15:06 ` Sourceware mitigating and preventing the next xz-backdoor Mark Wielaard
2024-04-02 19:54 ` Sandra Loosemore
2024-04-02 20:03 ` Paul Eggert
2024-04-02 20:20 ` Paul Koning
2024-04-02 20:28 ` Ian Lance Taylor
2024-04-03 6:26 ` Martin Uecker
2024-04-03 14:00 ` Michael Matz
2024-04-03 14:14 ` Paul Koning
2024-04-03 14:32 ` Martin Uecker
2024-04-03 14:46 ` Jeffrey Walton
2024-04-03 16:02 ` Michael Matz
2024-04-03 16:26 ` Joel Sherrill
2024-04-03 16:32 ` Martin Uecker
2024-04-03 16:51 ` Andreas Schwab
2024-04-03 16:56 ` Jonathan Wakely
2024-04-03 18:46 ` Jonathon Anderson
2024-04-03 19:01 ` Martin Uecker
2024-04-05 21:15 ` Andrew Sutton
2024-04-06 13:00 ` Richard Biener
2024-04-06 15:59 ` Martin Uecker
2024-04-04 13:59 ` Michael Matz
2024-04-09 16:44 ` anderson.jonathonm
2024-04-09 17:57 ` Andreas Schwab
2024-04-09 19:59 ` Jonathon Anderson
2024-04-09 20:11 ` Paul Koning
2024-04-09 21:40 ` Jeffrey Walton
2024-04-09 21:50 ` Paul Eggert
2024-04-09 21:58 ` Sam James
2024-04-09 22:15 ` Paul Eggert
2024-04-09 22:22 ` Sam James
2024-04-09 22:53 ` Paul Eggert
2024-04-09 22:03 ` Jonathon Anderson
2024-04-09 22:10 ` Sam James
2024-04-09 21:54 ` Jonathon Anderson
2024-04-09 22:00 ` Sam James
2024-04-10 14:09 ` Frank Ch. Eigler
2024-04-10 18:47 ` Jonathon Anderson
2024-04-10 19:00 ` Frank Ch. Eigler
2024-04-10 10:26 ` Claudio Bantaloukas
2024-04-02 22:08 ` Guinevere Larsen
2024-04-02 22:21 ` Guinevere Larsen
2024-04-02 22:50 ` Jeffrey Walton
2024-04-02 23:20 ` Mark Wielaard
2024-04-02 23:34 ` Paul Koning
2024-04-03 0:37 ` Jeffrey Walton
2024-04-03 8:08 ` Florian Weimer
2024-04-03 13:53 ` Joel Sherrill
2024-04-04 10:25 ` Mark Wielaard [this message]
2024-04-10 16:30 ` Alejandro Colomar
2024-04-21 15:30 ` Mark Wielaard
2024-04-21 20:40 ` Alejandro Colomar
2024-04-21 20:52 ` Alejandro Colomar
2024-04-30 11:28 ` Alejandro Colomar
2024-04-03 14:04 ` Tom Tromey
2024-04-03 14:42 ` Jeff Law
2024-04-04 10:48 ` Mark Wielaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=360cbb4acf611f46d2d9bc84d813709aea639a27.camel@klomp.org \
--to=mark@klomp.org \
--cc=binutils@sourceware.org \
--cc=blarsen@redhat.com \
--cc=fweimer@redhat.com \
--cc=gcc@gcc.gnu.org \
--cc=gdb@sourceware.org \
--cc=joel@rtems.org \
--cc=libc-alpha@sourceware.org \
--cc=overseers@sourceware.org \
--cc=sloosemore@baylibre.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).