Jump to: navigation, search

Template:Verifiable Builds Comparsion Table

Whonix Tails Tor Browser Qubes OS TorVM corridor
Deterministic Builds[1] No No, Planned [2] Yes [3] No Not applicable. [4]
Based on a Deterministically Built[1] Operating System No [5] No [5] Not applicable. No [5] No [5]
Verifiably no backdoor in the project's own source code Invalid [6] Invalid [6] Invalid [6] Invalid [6] Invalid [6]
Verifiably vulnerability[7] free No [8] No [8] No [8] No [8] No [8]
Verifiably no hidden source code[9] in upstream distribution/binaries[10] No [11] No [11] No [11] No [11] No [11]
Project's binary builds verifiably created from project's own source code (no hidden source code[9] in the project's own source code) No (Deprecated.) [12] No Yes No Not applicable. [4]
  1. 1.0 1.1 Open Source does not automagically prevent backdoors, unless the user creates its own binaries from source code itself. The ones who compile, upload and distribute (also the webhost) the binaries could add a hidden code without publishing the backdoor code. Nothing prevents one to claim, that a certain binary has been built from a clean source code, while the binary was actually built by the source code plus the backdoor code. Also the ones who may have infected the build machine with a backdoor are in position to add a backdoor without the distributor being aware of it. Deterministic builds can detect backdoors. For more information on deterministic builds and why this is important, see:
  2. See Tails Roadmap.
  3. See Deterministic Builds Part One: Cyberwar and Global Compromise and Deterministic Builds Part Two: Technical Details.
  4. 4.0 4.1 Just shell scripts.
  5. 5.0 5.1 5.2 5.3 To be fair, there are no deterministically built operating system yet. It would take lots of effort to create one and its far from easy. There is work going on in Debian about reproducible builds, but it's far from done.
  6. 6.0 6.1 6.2 6.3 6.4 A backdoor can either be a vulnerability as in a bug in the source code. Vulnerabilities can get introduced by accident (human error) or on purpose. Once the software has been deployed and the vulnerability has been found, it might happen, that an attacker uses an exploits to gain unauthorized access. Such vulnerabilities (or purposely planted backdoors) can, with cleverness, be planted in Open Source code plain sight, while being very difficult and unlikely to be spotted by people looking at the code. Examples: Another form of a backdoor is adding the full code (or binary) of trojan horse (computer virus) to the binary build, while not publishing the extra source code and keeping that secret code. The latter, can only be detected with Deterministic Builds, which are discussed above.
    Therefore it is impossible to claim that non-trivial source code is backdoor free, because a backdoors can be hidden as vulnerabilities. Auditors scrutinizing the source code can only state their opinion about the quality of the source code and eventually report a vulnerability. It can only be reasonably easily checked, if the source code is free of computer viruses (for example, trojan horses), not backdoors.
  7. https://en.wikipedia.org/wiki/Vulnerability_(computing)
  8. 8.0 8.1 8.2 8.3 8.4 Although possible (in theory?), there are no mathematically proven bug free operating systems yet.
  9. 9.0 9.1 Hidden source code is defined as code, which gets added by an adversary, who compromised a build machine or by the person who builds (compiled) a binary builds before building the binary build. The secret source code will not be published and it will look like (or claimed) that the software was built from the source code, which has been published. The most reliable method to detect such hidden code (added on purpose or due to build machine compromise) is to compare Deterministic Builds, which are discussed above. (Other methods, such watching the traffic, only have good chances to spot a backdoor, when the backdoor is used in many cases. Even less likely backdoors are found through reverse engineering, because very few people are using a disassembler.
  10. The upstream distribution is the distribution on which the project is based on. Whonix and Tails are based on Debian, thus Debian is their upstream distribution. QubesOS TorVM is based on Qubes OS, which itself is based on Fedora and Xen.
  11. 11.0 11.1 11.2 11.3 11.4 No, since the upstream software is not deterministically built. See above to learn about Deterministic Builds.
  12. See Trust#Verifiable Builds.