
  Q. How do I know that Tarsnap is secure?
  A. Read the source code.
This is a "good enough" but less than reassuring answer in the post-SolarWinds world. (It wasn't before, but less so since the advent of "package managers" and the like.) How would someone evaluate the quality and security of the build process and minimal dependencies (which might have their own problems [0])?

As a non-security person thinking of how one might evaluate this: Could adversarial builds (say, performed in and using tools commonly available in several locations with different types of government spying) generate the same binary? Could that act as a sort of proof of an untainted toolchain? Or a canary for where a build process is tainted?

0. https://news.ycombinator.com/item?id=39890817
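The cross-check the comment asks about, as an added example that is not from this thread or from Tarsnap itself: given binaries built from the same source release in independent environments, it hashes each one and flags whichever disagree with the majority. The file paths are assumptions, the build itself (Tarsnap's usual `./configure && make`) is assumed to have already run in each environment, and a majority only singles out a suspect environment when there are three or more independent builds.

```shell
#!/bin/sh
# Cross-check binaries built from the same source release in independent
# environments: if all digests agree, the builds reproduce; if most agree,
# the outliers point at the suspect toolchain. Paths are hypothetical.
# Usage: reproducible_check env1/tarsnap env2/tarsnap env3/tarsnap

hash_of() {
    # sha256sum on Linux, shasum on macOS/BSD; print the digest only.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Returns 0 when every artifact hashes identically, 1 on any disagreement,
# 2 on usage error.
reproducible_check() {
    [ "$#" -ge 2 ] || { echo "need at least two builds" >&2; return 2; }
    tmp=$(mktemp) || return 2
    for f in "$@"; do
        printf '%s %s\n' "$(hash_of "$f")" "$f" >>"$tmp"
    done
    # Most frequent digest and how many builds produced it.
    top=$(cut -d' ' -f1 "$tmp" | sort | uniq -c | sort -rn | head -n1)
    agree=$(echo "$top" | awk '{print $1}')
    digest=$(echo "$top" | awk '{print $2}')
    status=1
    if [ "$agree" -eq "$#" ]; then
        status=0
    elif [ $((agree * 2)) -gt "$#" ]; then
        # A strict majority agrees: the minority builds are the suspects.
        echo "MISMATCH: $agree of $# builds agree on $digest" >&2
        grep -v "^$digest " "$tmp" | while read -r h f; do
            echo "  outlier: $f ($h)" >&2
        done
    else
        # No majority (e.g. two builds that differ): the build is not
        # reproducible, but nothing says which environment is at fault.
        echo "MISMATCH: no majority among $# builds; cannot single out a culprit" >&2
    fi
    rm -f "$tmp"
    return "$status"
}
```

The check only means something if the build is bit-for-bit reproducible to begin with (no embedded timestamps or build paths); a mismatch caused by that is a build-determinism bug, not evidence of tampering.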



Tarsnap is usually installed from source.



