Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
lrvick 3 hours ago

Of course! There are always edge cases, but I would suspect the number of bots signed by reputable keys to be near 0%, and the honest human score in this trust graph to be well over 90%.

Compare to how much we should trust any random unsigned key signing commits, or unsigned commits, in which the trust should be 0% unless you have reviewed the code yourself.

jacquesm 3 hours ago | parent [-]

The problem is all it really takes is one edge case to successfully break a web of trust to the point that the web of trust becomes a blind spot. Instead of distrusting everybody (which should be the default) the web of trust attempts to create a 'walled garden of trust' and behind that wall everybody can be friendly. That gives a successful attacker a massive advantage.

lrvick 3 hours ago | parent [-]

If we were talking about any linux distribution before stagex, I would agree with you.

Stagex however expects at least one maintainer may at any time engage in reputation-ending dishonesty or simply they were threatened or coerced. This is why every single release is signed by a -quorum- of code reviewers and code reproducers that must all build locally and get identical hashes, so no single points of failure exist in our trust graph.

Our last release was signed by four geodistributed maintainers that all attest to having built the entire distribution from 180 bytes of machine code all the way up with the same hashes.

All of their keys being compromised at once gets beyond the pale.

jacquesm 2 hours ago | parent [-]

While I appreciate all of the effort you put in this and respect that you trust this to be bulletproof I'm always going to be skeptical of silver bullets.

Your level of certainty is the thing that frightens me more than the confidence I have in the quality of your work.

lrvick an hour ago | parent [-]

I am reasonably confident it is the current industry best effort, and way beyond the status quo, not that it is perfect.

We combine many tactics for defense in depth that I strongly suspect if widely deployed would put a stop to the daily supply chain attack headlines.