
Re: [tor-talk] Tor - 1-click-compile-version



Hi hmoh,

On Dec 23, 2011, at 3:23 PM, hmoh@xxxxxxxxxxxxx wrote:
> Tor and all stuff is Open Source and many people are looking inside for security review. A very weak link is that most users use the precompiled ready to use binaries. But it is not possible to be sure that binaries are built from an unaltered source code. The precompiled binaries may include back doors. Also that most users download from torproject.org is another single point of failure as just one instance has to be forced to include a back door.
> 
> I've never read that someone checks frequently that the source code is 100% the same as the binaries.
> Compiling everything oneself is a lot of hassle, most users do not do that as it's a big inconvenience.
> 
> I am not here to offend someone. There are a lot of reasons in the nature of this project to ask such questions. The whole Tor project is about distrust and fear of getting traced and logged. Even if I knew all involved persons in person and trusted them, I wouldn't trust the binaries 100%.
> 
> The machines that build the binaries could be compromised, including a backdoor at compile time. People with lots of money, government or wealthy companies could threaten and force you or your families to include a backdoor into Tor.
> 
> To protect you and the Tor users I propose the following....
> 
> Additionally to the precompiled binaries you could offer a 1-click-compile version. It could be a script which downloads all the needed stuff for compiling and building the executable.
> 
> This isn't a bottomless pit. Don't try to make the second step before the first one. For example on Windows the script would download the precompiled executables of mingw, msys, msysDTK and so on from sf.net, download source code of Tor from torproject.org, compiling and so on... Yes, it would be again a risk to download the precompiled executables as those could be possibly forced to have included a backdoor as well.
> 
> The idea of 1-click-compile-versions has to develop over time. No one can expect the concept to be perfect from the beginning. The Tor project would start with it and later over time all the dependencies would hopefully also allow similar 1-click-compile-versions. All this until a point where we can compile the whole operating system, the browser and Tor with one click.
> 
> If that's half running I can imagine a distributed community / program to review the updated source codes. After downloading new source the program would check it from different sources if it's the same some independent people had stated their opinion about the changes. This would allow all users to download, compile and start executables from source at the same time having some feedback from external developers about the quality of the source code they're using.
> 
> Don't tell it's impossible. Tell what the weak points of this concept are and propose enhancements.

Don't be so defensive ;) We agree with almost everything here, but there
are some limitations. By default, even if you build the same code twice
on the exact same *system*, you will get two different binaries. We
consider this a problem, and in fact have a ticket open in our
bugtracker about doing just that for the Linux and OS X platforms [0].

We have some Makefiles around that can be easily used to bootstrap a
build, and we encourage people to try it out and report problems they
find.

On Windows, the problem seems entirely unsolvable, see the
above-mentioned ticket.

All the best
Sebastian

[0]: https://trac.torproject.org/projects/tor/ticket/3688
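
The reply's point that two builds of the same code give different binaries, shown as an added example that is not part of the original message or of the Tor Project's build system. It generalizes from a compiler to a tarball packaging step, and the file tree, build times and function names are constructed for illustration: an embedded timestamp changes the SHA-256, while normalized metadata gives byte-identical output that independent builders can compare.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample "build output": path -> contents (not real Tor files).
SAMPLE_TREE = {"bin/tor": b"\x7fELF constructed sample", "doc/README": b"sample\n"}


def package(tree, build_time, deterministic):
    """Pack `tree` into a .tar.gz and return the archive bytes.

    `build_time` stands in for the wall clock of the build machine.
    With deterministic=True every timestamp is pinned to 0 and entries
    are sorted, so the output depends only on the file contents.
    """
    stamp = 0 if deterministic else build_time
    names = sorted(tree) if deterministic else list(tree)
    raw = io.BytesIO()
    with gzip.GzipFile(fileobj=raw, mode="wb", mtime=stamp) as gz:
        with tarfile.open(fileobj=gz, mode="w", format=tarfile.USTAR_FORMAT) as tar:
            for name in names:
                info = tarfile.TarInfo(name)  # uid/gid/owner default to 0/""
                info.size = len(tree[name])
                info.mtime = stamp
                tar.addfile(info, io.BytesIO(tree[name]))
    return raw.getvalue()


def digest(data):
    """SHA-256 hex digest, the value independent builders would publish."""
    return hashlib.sha256(data).hexdigest()


def first_difference(a, b):
    """Offset of the first differing byte, or None if a and b are identical."""
    for offset, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return offset
    return None if len(a) == len(b) else min(len(a), len(b))


if __name__ == "__main__":
    t1, t2 = 1324650000, 1324653600  # constructed build times, one hour apart
    for mode in (False, True):
        a, b = package(SAMPLE_TREE, t1, mode), package(SAMPLE_TREE, t2, mode)
        print("deterministic" if mode else "default", digest(a) == digest(b),
              first_difference(a, b))
```
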