Open replicadse opened 5 months ago
Most critical release assets are reproducible, so you can build them yourself from source and compare to the released assets. This provides better protection/trust than any other measures.
The reproducible assets are:
kernel
initramfs
installer container
imager container
Every other asset can be produced from the above.
There are sha256sum.txt and sha512sum.txt published with every release - are those not the checksums you mean?
@steverfrancis yes correct - I must've missed these three times while looking through the list. Excellent!
Feature Request
As an operating system, Talos Linux is a critical part of the system if used for production workloads. As such, it is important to verify the integrity of the system (and developers). With that being said, I suggest the following changes to increase security for this amazing piece of software.
Asset checksums
I suggest that we add checksums to the asset downloads on the release page. This can be used to verify that a downloaded file has not been tampered with in transit. This is generally a best practice when downloading critical software and prevents a range of attacks that could compromise the asset.
Canary
In order to increase trust in Talos Linux, I suggest that siderolabs adds a canary statement to verify that a release does not contain a backdoor or other types of desired malware. In many countries, law enforcement can seize property (like Talos as IP) and modify / redistribute it with backdoors. They can require you to not speak out but can't require you to take certain actions (such as signing with a PGP key etc). Long story short, I think a critical piece of infrastructure such as an OS should provide a canary statement that no such incident took place. Whonix is such an example, providing a canary incl. recent headlines to prove it's recent.
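The checksum verification asked for in the "Asset checksums" section, and the "build it yourself and compare" step from the reproducible-assets comment, both come down to the same check: hash the file you have and compare it with a published or locally produced hash. The script below is an added example written for this thread, not code from the Talos project or from anyone in the discussion. It assumes GNU coreutils (`sha256sum`, `awk`, `mktemp`) and the standard `sha256sum.txt` layout of one `<hash>  <filename>` line per asset; the file names it uses are constructed demo values, not real release artifacts.

```shell
#!/bin/sh
# Added example, not from the Talos project: verify a downloaded release asset
# against the published sha256sum.txt, and compare a locally reproduced build
# with the released file. Assumes GNU coreutils.
set -eu

# verify_asset <asset_path> <checksum_file>
# Exit status: 0 = hash matches the entry in the checksum file,
#              1 = hash mismatch (tampered or corrupted download),
#              2 = the checksum file has no entry for this asset name.
verify_asset() {
    asset="$1"
    sums="$2"
    name=$(basename "$asset")
    # sha256sum writes "<hash>  <name>" (text mode) or "<hash> *<name>" (binary mode);
    # accept either form, but only an exact file-name match.
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name in $sums" >&2
        return 2
    fi
    actual=$(sha256sum "$asset" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH: $name expected $expected got $actual" >&2
        return 1
    fi
    echo "OK: $name"
    return 0
}

# compare_reproduced <downloaded_asset> <locally_built_asset>
# Exit status 0 when both files hash identically (bit-for-bit reproduction), 1 otherwise.
compare_reproduced() {
    a=$(sha256sum "$1" | awk '{ print $1 }')
    b=$(sha256sum "$2" | awk '{ print $1 }')
    [ "$a" = "$b" ]
}

# Constructed demo data: placeholder files standing in for real release assets.
demo() {
    dir=$(mktemp -d)
    printf 'fake kernel bytes\n' > "$dir/vmlinuz-amd64"
    printf 'fake initramfs bytes\n' > "$dir/initramfs-amd64.xz"
    (cd "$dir" && sha256sum vmlinuz-amd64 initramfs-amd64.xz > sha256sum.txt)
    cp "$dir/vmlinuz-amd64" "$dir/local-build-vmlinuz"

    verify_asset "$dir/vmlinuz-amd64" "$dir/sha256sum.txt"
    compare_reproduced "$dir/vmlinuz-amd64" "$dir/local-build-vmlinuz" && echo "reproduced build matches release"

    # Simulate a modified download: a single appended byte changes the hash.
    printf 'x' >> "$dir/initramfs-amd64.xz"
    verify_asset "$dir/initramfs-amd64.xz" "$dir/sha256sum.txt" || echo "tampered asset detected (rc=$?)"

    rm -rf "$dir"
}

demo
```

Note that a checksum file only proves the download matches what the release page serves; if the page itself were replaced, the checksums would be replaced with it. That is why the reproducible-build comparison (`compare_reproduced` against your own build from source) is the stronger check, and why a signed checksum file is usually verified before the hashes in it are trusted.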