Re: [rtcweb] Hermetic builds (Re: Cisco to open source its H.264 implementation and absorb MPEG-LA licensing fees)
Randell Jesup <randell-ietf@jesup.org> Tue, 17 December 2013 07:39 UTC
Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31FF61AE0EC for <rtcweb@ietfa.amsl.com>; Mon, 16 Dec 2013 23:39:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rl8Elcjq4jfO for <rtcweb@ietfa.amsl.com>; Mon, 16 Dec 2013 23:39:17 -0800 (PST)
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com [173.236.101.58]) by ietfa.amsl.com (Postfix) with ESMTP id E2A911ADFBF for <rtcweb@ietf.org>; Mon, 16 Dec 2013 23:39:16 -0800 (PST)
Received: from pool-173-49-144-199.phlapa.fios.verizon.net ([173.49.144.199]:4332 helo=[192.168.1.12]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80) (envelope-from <randell-ietf@jesup.org>) id 1VspFL-000AjG-Fg for rtcweb@ietf.org; Tue, 17 Dec 2013 01:39:15 -0600
Message-ID: <52AFFF91.4060704@jesup.org>
Date: Tue, 17 Dec 2013 02:38:57 -0500
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <186CE8D65BA3A741A81A543F936DD0D10A5803D8@xmb-rcd-x07.cisco.com> <A672E2AB-827D-46E8-9EB1-D7ED82B10B94@cisco.com> <20131211193239.GK3245@audi.shelbyville.oz> <558F8D49-4024-4DF1-9A9E-AF422F1292C2@iii.ca> <20131212011550.GM3245@audi.shelbyville.oz> <E8882BCE-4795-4CF5-B785-18C2141A5DE2@iii.ca> <20131212183852.GN3245@audi.shelbyville.oz> <9B19C671-4356-4918-B271-D95B7AA84BBA@iii.ca> <20131212213234.GQ3245@audi.shelbyville.oz> <CECFDD00.20577%mzanaty@cisco.com> <52AF1879.60106@alvestrand.no>
In-Reply-To: <52AF1879.60106@alvestrand.no>
Content-Type: multipart/alternative; boundary="------------010402030302070806030703"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r2-chicago.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
X-Get-Message-Sender-Via: r2-chicago.webserversystems.com: authenticated_id: randell@jesup.org
Subject: Re: [rtcweb] Hermetic builds (Re: Cisco to open source its H.264 implementation and absorb MPEG-LA licensing fees)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Dec 2013 07:39:19 -0000
On 12/16/2013 10:12 AM, Harald Alvestrand wrote: > Since this is a subthread with technical content, I'd like it to have > its own header.... > > the name I've heard for this kind of generation environments is > "hermetic build". > Google's been trying for hermetic builds for NaCL for instance - see > this doc: > http://www.chromium.org/nativeclient/design-documents/building-a-hermetic-toolchain-on-cygwin > > > On 12/13/2013 04:33 AM, Mo Zanaty (mzanaty) wrote: >> Yes, Cisco and Mozilla plan on solving fully reproducible binaries for all >> targets officially supported in the openh264 project. Nothing less would >> be acceptable to the community, especially given the recent security >> incidents. >> >> We welcome contributions from anyone who has struggled with this in the >> past, and is aware of specific problems or solutions beyond the obvious >> ones below. >> >> 1. Identical source trees (git hash) >> 2. Identical project configuration (make targets that include all >> configuration options) >> 3. Identical tool chains on similar build machines (same arch at least, >> probably x86-64) >> 4. Deterministic tool chains (avoid tool options that lack determinism) >> 5. Deterministically identical tool chain output must be hashed separately >> from uniquely generated data (build info, etc.) >> >> Some feel that tool chains can also be subverted and therefore should also >> be built from source, using some root golden tool chain. We are not that >> paranoid yet. Should we be? #include <classic_unix_getty_backdoor.h> Tool chains absolutely can be subverted, to the point where even rebuilding them using themselves from 'clean' source leaves them subverted. Super-widely-distributed binaries (like this would be) are obvious targets for such things (as are browsers like Chrome and Firefox - but those have some extra safety due to build built across a wide range of toolchains - but even that leaves the official binaries at risk in theory). At some point, you have to decide if hand-assembling code with a hex editor is worth it (and do you *trust* your hex editor?) ;-) And don't forget, the backdoor code-flip could be in the filesystem too! With some serious hackery, even in the HD (stretching, but theoretically possible I believe). If you don't want to go that far down, you need to decide to trust *some* basic toolchain, use it to build the "current" toolchain, and use that to build the binaries. You can help yourselves by choosing a base toolchain that predates anyone knowing you're going to use it for this project. (Note: base toolchain includes the base OS...) -- Randell Jesup -- rjesup a t mozilla d o t com
- [rtcweb] Cisco to open source its H.264 implement… Jonathan Rosenberg (jdrosen)
- Re: [rtcweb] Cisco to open source its H.264 imple… Karl Stahl
- Re: [rtcweb] Cisco to open source its H.264 imple… Leon Geyser
- Re: [rtcweb] Cisco to open source its H.264 imple… Matt Fredrickson
- Re: [rtcweb] Cisco to open source its H.264 imple… Jonathan Rosenberg
- Re: [rtcweb] Cisco to open source its H.264 imple… Peter Thatcher
- Re: [rtcweb] Cisco to open source its H.264 imple… Matt Fredrickson
- Re: [rtcweb] Cisco to open source its H.264 imple… Adam Roach
- Re: [rtcweb] Cisco to open source its H.264 imple… Adam Roach
- Re: [rtcweb] Cisco to open source its H.264 imple… Ted Hardie
- Re: [rtcweb] Cisco to open source its H.264 imple… Lorenzo Miniero
- Re: [rtcweb] Cisco to open source its H.264 imple… Adam Roach
- Re: [rtcweb] Cisco to open source its H.264 imple… Ethan Hugg
- Re: [rtcweb] Cisco to open source its H.264 imple… Monty Montgomery
- Re: [rtcweb] Cisco to open source its H.264 imple… Monty Montgomery
- Re: [rtcweb] Cisco to open source its H.264 imple… Lorenzo Miniero
- Re: [rtcweb] Cisco to open source its H.264 imple… Max Jonas Werner
- Re: [rtcweb] Cisco to open source its H.264 imple… Matt Fredrickson
- Re: [rtcweb] Cisco to open source its H.264 imple… Ted Hardie
- Re: [rtcweb] Cisco to open source its H.264 imple… Cullen Jennings (fluffy)
- Re: [rtcweb] Cisco to open source its H.264 imple… Jonathan Rosenberg
- Re: [rtcweb] Cisco to open source its H.264 imple… Cullen Jennings (fluffy)
- Re: [rtcweb] Cisco to open source its H.264 imple… Matt Fredrickson
- Re: [rtcweb] Cisco to open source its H.264 imple… Steve Sokol
- Re: [rtcweb] Cisco to open source its H.264 imple… Leon Geyser
- Re: [rtcweb] Cisco to open source its H.264 imple… Matt Fredrickson
- Re: [rtcweb] Cisco to open source its H.264 imple… Jonathan Rosenberg
- Re: [rtcweb] Cisco to open source its H.264 imple… Adam Roach
- Re: [rtcweb] Cisco to open source its H.264 imple… Jeremy Laurenson (jlaurens)
- Re: [rtcweb] Cisco to open source its H.264 imple… Cullen Jennings (fluffy)
- Re: [rtcweb] Cisco to open source its H.264 imple… Göran Eriksson AP
- Re: [rtcweb] Cisco to open source its H.264 imple… Jeremy Laurenson (jlaurens)
- Re: [rtcweb] Cisco to open source its H.264 imple… Lorenzo Miniero
- Re: [rtcweb] Cisco to open source its H.264 imple… Cullen Jennings (fluffy)
- Re: [rtcweb] Cisco to open source its H.264 imple… DRAGE, Keith (Keith)
- Re: [rtcweb] Cisco to open source its H.264 imple… cowwoc
- Re: [rtcweb] Cisco to open source its H.264 imple… Lorenzo Miniero
- Re: [rtcweb] Cisco to open source its H.264 imple… David Singer
- Re: [rtcweb] Cisco to open source its H.264 imple… cowwoc
- Re: [rtcweb] Cisco to open source its H.264 imple… Paul Giralt
- Re: [rtcweb] Cisco to open source its H.264 imple… Cullen Jennings (fluffy)
- Re: [rtcweb] Cisco to open source its H.264 imple… Ron
- Re: [rtcweb] Cisco to open source its H.264 imple… Paul Giralt
- Re: [rtcweb] Cisco to open source its H.264 imple… Leon Geyser
- Re: [rtcweb] Cisco to open source its H.264 imple… Kaiduan Xie
- Re: [rtcweb] Cisco to open source its H.264 imple… Cullen Jennings
- Re: [rtcweb] Cisco to open source its H.264 imple… cowwoc
- Re: [rtcweb] Cisco to open source its H.264 imple… Ron
- Re: [rtcweb] Cisco to open source its H.264 imple… Cullen Jennings
- Re: [rtcweb] Cisco to open source its H.264 imple… Ron
- Re: [rtcweb] Cisco to open source its H.264 imple… Roman Shpount
- Re: [rtcweb] Cisco to open source its H.264 imple… Cullen Jennings (fluffy)
- Re: [rtcweb] Cisco to open source its H.264 imple… Cullen Jennings
- Re: [rtcweb] Cisco to open source its H.264 imple… Cullen Jennings
- [rtcweb] VP8 binary module (Was: Cisco to open so… cowwoc
- Re: [rtcweb] Cisco to open source its H.264 imple… Roman Shpount
- Re: [rtcweb] Cisco to open source its H.264 imple… Ron
- Re: [rtcweb] Cisco to open source its H.264 imple… Ron
- Re: [rtcweb] VP8 binary module (Was: Cisco to ope… Kaiduan Xie
- Re: [rtcweb] Cisco to open source its H.264 imple… Ron
- Re: [rtcweb] Cisco to open source its H.264 imple… Roman Shpount
- Re: [rtcweb] Cisco to open source its H.264 imple… Engel Nyst
- Re: [rtcweb] Cisco to open source its H.264 imple… Daniel-Constantin Mierla
- Re: [rtcweb] Cisco to open source its H.264 imple… cowwoc
- Re: [rtcweb] Cisco to open source its H.264 imple… Stephan Wenger
- Re: [rtcweb] VP8 binary module (Was: Cisco to ope… Bjoern Hoehrmann
- Re: [rtcweb] Cisco to open source its H.264 imple… Adam Roach
- Re: [rtcweb] Cisco to open source its H.264 imple… Ron
- Re: [rtcweb] VP8 binary module (Was: Cisco to ope… Justin Uberti
- Re: [rtcweb] Cisco to open source its H.264 imple… Daniel-Constantin Mierla
- Re: [rtcweb] Cisco to open source its H.264 imple… Ron
- Re: [rtcweb] Cisco to open source its H.264 imple… DRAGE, Keith (Keith)
- Re: [rtcweb] Cisco to open source its H.264 imple… Cullen Jennings
- Re: [rtcweb] Cisco to open source its H.264 imple… Cullen Jennings
- Re: [rtcweb] Cisco to open source its H.264 imple… Jack Moffitt
- Re: [rtcweb] Cisco to open source its H.264 imple… Engel Nyst
- Re: [rtcweb] Cisco to open source its H.264 imple… Mo Zanaty (mzanaty)
- [rtcweb] H.264 IPR disclosures (or persistent lac… Ron
- Re: [rtcweb] Cisco to open source its H.264 imple… Ron
- Re: [rtcweb] Cisco to open source its H.264 imple… Basil Mohamed Gohar
- Re: [rtcweb] H.264 IPR disclosures (or persistent… DRAGE, Keith (Keith)
- Re: [rtcweb] Cisco to open source its H.264 imple… Engel Nyst
- Re: [rtcweb] Cisco to open source its H.264 imple… Mo Zanaty (mzanaty)
- Re: [rtcweb] H.264 IPR disclosures (or persistent… Ron
- Re: [rtcweb] Cisco to open source its H.264 imple… Ron
- Re: [rtcweb] Cisco to open source its H.264 imple… Gili
- Re: [rtcweb] H.264 IPR disclosures (or persistent… Mo Zanaty (mzanaty)
- Re: [rtcweb] H.264 IPR disclosures (or persistent… SM
- Re: [rtcweb] Cisco to open source its H.264 imple… Mo Zanaty (mzanaty)
- [rtcweb] H.264's high-low play (Was: H.264 IPR di… cowwoc
- Re: [rtcweb] H.264 IPR disclosures (or persistent… Mo Zanaty (mzanaty)
- Re: [rtcweb] H.264 IPR disclosures (or persistent… Markus.Isomaki
- Re: [rtcweb] H.264 IPR disclosures (or persistent… DRAGE, Keith (Keith)
- Re: [rtcweb] H.264 IPR disclosures (or persistent… Ron
- Re: [rtcweb] H.264 IPR disclosures (or persistent… Lorenzo Miniero
- Re: [rtcweb] H.264 IPR disclosures (or persistent… Ron
- Re: [rtcweb] H.264 IPR disclosures (or persistent… SM
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… bryandonnovan
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Eric Rescorla
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… bryandonnovan
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Eric Rescorla
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Silvia Pfeiffer
- [rtcweb] Hermetic builds (Re: Cisco to open sourc… Harald Alvestrand
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… cowwoc
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Eric Rescorla
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Jeremy Laurenson (jlaurens)
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Basil Mohamed Gohar
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Dave Crocker
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… DRAGE, Keith (Keith)
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Ron
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Basil Mohamed Gohar
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Roman Shpount
- Re: [rtcweb] H.264 IPR disclosures (or persistent… DRAGE, Keith (Keith)
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… cowwoc
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Eric Rescorla
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Adam Roach
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… cowwoc
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Eric Rescorla
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… cowwoc
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Eric Rescorla
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… cowwoc
- Re: [rtcweb] H.264 IPR disclosures (or persistent… Harald Alvestrand
- Re: [rtcweb] H.264's high-low play (Was: H.264 IP… Harald Alvestrand
- Re: [rtcweb] VP8 binary module (Was: Cisco to ope… Harald Alvestrand
- Re: [rtcweb] H.264 IPR disclosures (or persistent… Bjoern Hoehrmann
- Re: [rtcweb] H.264 IPR disclosures (or persistent… Harald Alvestrand
- Re: [rtcweb] Hermetic builds (Re: Cisco to open s… Bjoern Hoehrmann
- [rtcweb] Is there room for a compromise? John Leslie
- Re: [rtcweb] Hermetic builds (Re: Cisco to open s… Ron
- Re: [rtcweb] Is there room for a compromise? cowwoc
- Re: [rtcweb] Hermetic builds (Re: Cisco to open s… Randell Jesup
- Re: [rtcweb] Is there room for a compromise? John Leslie
- Re: [rtcweb] Is there room for a compromise? cowwoc
- Re: [rtcweb] Is there room for a compromise? what… David Singer
- Re: [rtcweb] Is there room for a compromise? what… cowwoc
- Re: [rtcweb] Is there room for a compromise? Ron
- Re: [rtcweb] Is there room for a compromise? what… Justin Uberti
- Re: [rtcweb] Is there room for a compromise? what… Dave Crocker
- Re: [rtcweb] Is there room for a compromise? Matthew Kaufman (SKYPE)
- Re: [rtcweb] Is there room for a compromise? Ron
- Re: [rtcweb] Is there room for a compromise? cowwoc
- Re: [rtcweb] Is there room for a compromise? Matthew Kaufman (SKYPE)
- Re: [rtcweb] Is there room for a compromise? Jack Moffitt
- Re: [rtcweb] Is there room for a compromise? John Leslie
- Re: [rtcweb] Is there room for a compromise? what… Bernard Aboba
- Re: [rtcweb] Is there room for a compromise? what… Ron
- Re: [rtcweb] Interoperability - what have we lear… Bernard Aboba
- Re: [rtcweb] Interoperability - what have we lear… Ron
- Re: [rtcweb] Is there room for a compromise? what… Martin Thomson
- Re: [rtcweb] Is there room for a compromise? what… Justin Uberti
- Re: [rtcweb] Is there room for a compromise? what… Eric Rescorla
- Re: [rtcweb] Interoperability - what have we lear… Bernard Aboba
- Re: [rtcweb] Interoperability - what have we lear… Colin Perkins
- Re: [rtcweb] Is there room for a compromise? what… Dave Crocker
- Re: [rtcweb] Is there room for a compromise? what… Eric Rescorla
- Re: [rtcweb] Is there room for a compromise? what… Dave Crocker
- Re: [rtcweb] Is there room for a compromise? what… Bjoern Hoehrmann
- Re: [rtcweb] Is there room for a compromise? what… Eric Rescorla
- Re: [rtcweb] Is there room for a compromise? what… Ron
- Re: [rtcweb] Is there room for a compromise? what… Bjoern Hoehrmann
- Re: [rtcweb] Is there room for a compromise? what… Eric Rescorla
- Re: [rtcweb] Is there room for a compromise? what… Dave Crocker
- Re: [rtcweb] Is there room for a compromise? what… Ron
- Re: [rtcweb] Is there room for a compromise? what… Richard Shockey
- Re: [rtcweb] Interoperability - what have we lear… Bernard Aboba
- Re: [rtcweb] Is there room for a compromise? what… tim panton
- Re: [rtcweb] Is there room for a compromise? what… Martin Thomson