Non-free re­pro­ducible build­ing

Linux Format - - REPRODUCIBLE BUILDS -

Re­pro­ducible builds can ben­e­fit pro­pri­etary soft­ware/firmware, too. You will re­call the Volk­swa­gen emis­sions scan­dal of 2015, in which diesel ve­hi­cles were fit­ted with ‘de­feat de­vices’. These de­tected when they were be­ing tested on a rolling road and forced the en­gine into be­ing much more en­vi­ron­men­tally friendly than it would oth­er­wise be. It’s been es­ti­mated that some 11 mil­lion ve­hi­cles (not just VW’s) were af­fected in to­tal. Out­side of a test en­vi­ron­ment, ve­hi­cles ac­tu­ally ex­ceeded le­gal emis­sion lim­its, emit­ting dan­ger­ous lev­els of ni­trous ox­ides, but pos­si­bly sav­ing some fuel in the process.

To pre­vent such cheat­ing in fu­ture, the idea of open sourc­ing en­gine man­age­ment code was mooted. This may one day hap­pen, but for now these are closely guarded se­crets. Even if they were not it’d be hard, given past events, to trust that any code of­fered was the same as what went into the en­gine man­age­ment unit.

En­ter re­pro­ducible builds. In this sce­nario we don’t even need the code to be open source, just that some qual­i­fied, trust­wor­thy per­son be per­mit­ted to ex­tract the bi­nary file from the de­vice, in­spect the code and build en­vi­ron­ment, per­form the re­pro­ducible build, and com­pare the re­sults. The process would be pretty much in­du­bi­ta­ble, so long as we trust the firmware ex­trac­tion process. And if we didn’t, then we could do re­pro­ducible builds to con­vince us.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.