The 21/02/14, Andrew Savchenko wrote:

> Any decent security setup contains multiple layers of protection.
> Use of non-standard binaries, algorithms or implementations is just
> one of them and it is the simplest math to prove that security is
> _improved_ this way.

The algorithms and implementations do not change with configuration
options while they are almost always the cause of security issues of a
software.

Of course, building the same software on different architectures or with
custom configuration options will change the assembler code and the
binary fingerprint might be totally different. But considering this a
layer of protection remains nonsense and is a dangerous approach. The
nature of Gentoo does not help in this area compared to other binary
distributions.

I don't pretend that non-standard binaries NEVER protect against some
kind of issues. I pretend they are ridiculously insignificant in the
wild.

--
Nicolas Sebrecht