Closed nathanawmk closed 1 year ago
Don't believe this to be a part of our current vision/mission. Would like to close this stale card.
@hepwori @camaleon2016 please give me a thumbs up to confirm.
Thumbs up.
Jay White (He/Him) Security Principal Program Manager Azure Office of the CTO OSS Ecosystem
From: Melba
Sent: Tuesday, May 2, 2023 6:53 AM
To: ossf/wg-supply-chain-integrity
Cc: Jay White; Mention
Subject: Re: [ossf/wg-supply-chain-integrity] Applying Byzantine Fault Tolerance Algorithm to arrive at consensus to deter rogue code commits (Issue #45)
This is interesting! But I don't think it applies well.
Byzantine fault models are often applied to hardware. Typically they're applied where the hardware components are generally identical and you're trying to counter arbitrary faults which might equally occur in any of them.
This seems like a very poor analogy to software development. No one is claiming that humans are identical, in either capabilities or trustworthiness. Even if the software development is supported by AI (e.g., ChatGPT), it's the human who decides if the AI results are acceptable. Generally past performance by a human is the best available estimate for what a human will do (it's imperfect, but we know of no better method). So typical Byzantine models are mostly-wrong, as different humans do have different levels of trustworthiness, and it makes more sense to build on that.
Of course, reviewing results of a human is an excellent idea. But we often struggle getting just one more reviewer. Again, it doesn't appear that Byzantine fault models are a reasonable model of the problem (or of the solution). I'd be interested in any evidence to prove me wrong, though, it is an interesting thought experiment.
I don't see much actionable, so while the discussion might be interesting to have, it probably doesn't belong here. I'd support closing this issue, and finding some other place to have this discussion among those interested in it.
Similar to Byzantine fault tolerance in principle, where there are N replicas and f of them may be faulty (crashed/compromised): replace N with the open source maintainers and f with the compromised open source maintainers; only when n = 3f+1 replicas can the code be committed. Through such a consensus mechanism, rogue code commits can be deterred.
SOURCE: https://www.comp.nus.edu.sg/~rahul/allfiles/cs6234-16-pbft.pdf
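To make the proposal concrete, here is an added sketch (not code from the issue author or from OpenSSF) of a commit gate that applies the n ≥ 3f+1 bound to a maintainer roster. The approval quorum formula, the function names and the sample maintainers are assumptions: the quorum is the usual BFT quorum-intersection threshold, which the issue text does not state.

```python
def bft_parameters(n):
    """Return (f, quorum) for a roster of n maintainers.

    f is the largest number of compromised maintainers tolerated under
    n >= 3f + 1. quorum is the smallest approval count for which any two
    approving sets overlap in at least f + 1 maintainers, so at least
    one honest maintainer is in both (assumed threshold, see lead-in).
    """
    if n < 1:
        raise ValueError("need at least one maintainer")
    f = (n - 1) // 3
    quorum = (n + f) // 2 + 1
    return f, quorum


def commit_decision(maintainers, votes):
    """Decide a commit from (voter, 'approve' | 'reject') votes.

    Votes from people outside the roster are ignored. A maintainer who
    casts conflicting votes is treated as faulty and counted for
    neither side.
    """
    roster = set(maintainers)
    _, quorum = bft_parameters(len(roster))
    seen, equivocators = {}, set()
    for voter, choice in votes:
        if voter not in roster or choice not in ("approve", "reject"):
            continue
        if voter in seen and seen[voter] != choice:
            equivocators.add(voter)
        seen[voter] = choice
    approvals = sum(1 for v, c in seen.items()
                    if c == "approve" and v not in equivocators)
    if approvals >= quorum:
        return "accept"
    not_yet_voted = len(roster) - len(seen)
    if approvals + not_yet_voted < quorum:
        return "reject"  # quorum can no longer be reached
    return "pending"


# Constructed sample roster: 4 maintainers tolerate f = 1, quorum = 3.
MAINTAINERS = ["alice", "bob", "carol", "dave"]
```

With three maintainers the bound gives f = 0, so the scheme tolerates no compromised maintainer until a project has at least four active reviewers per commit.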