Opened 7 years ago

Closed 4 years ago

#6011 closed project (worksforme)

Write up proposal outline for build security

Reported by: mikeperry
Owned by: mikeperry
Priority: High
Milestone:
Component: Company
Version:
Severity:
Keywords: SponsorZ-large
Cc: ioerror, gk
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

#3688 is probably just the start of getting our build security where it needs to be, and even that may require a lot of baby steps before the solution is realized.

Once that's done, we should create a build and update deployment process that is akin to the Tor dirauth consensus process: N independent machines creating identical builds and detached signatures, and the build only gets published if all manage to agree.

It will also be a lot of work even to get to a manual version of this process. We should figure out how to break the plan into more baby steps and write funding proposal(s) for them.

The ultimate goal should be to get full funding to deploy our autoupdater with this multi-key validation process so that other organizations can use it. That will require even more funding and work.

Change History (9)

comment:1 Changed 7 years ago by mikeperry

Keywords: MikePerry201207 added; MikePerry201206 removed

Jake says the first step here is to write like a 2 paragraph idea summary. I guess I'll leave the tag on it for July to try to get at least that much done?

comment:2 Changed 7 years ago by mikeperry

Keywords: MikePerry201208 added; MikePerry201207 removed

comment:3 Changed 7 years ago by ioerror

I think we should consider this with a strong focus on Gitian-like methods: https://gitian.org/

comment:4 Changed 7 years ago by cypherpunks

Please also consider air gap. #6521

comment:5 Changed 7 years ago by mikeperry

Keywords: SponsorZ-large added

comment:6 Changed 7 years ago by mikeperry

Keywords: MikePerry201209 added; MikePerry201208 removed

comment:7 Changed 7 years ago by mikeperry

Keywords: MikePerry201209 removed

comment:8 Changed 5 years ago by gk

Cc: gk added

comment:9 Changed 4 years ago by isis

Resolution: worksforme
Status: new → closed

As far as I know, Mike just went ahead all do-ocracy-style and went into a Gitian rabbithole all by himself for like three months, without ever writing a proposal. So… I think this can be closed.
