Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:122814 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id 080361A009C for ; Sat, 30 Mar 2024 01:17:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1711761490; bh=Q/3r3pgNlwu4MHEAwbtXnjpbXBPKL0I//r/eWmg/kTA=; h=Date:Subject:To:References:From:In-Reply-To:From; b=ZJqRcTbYajnR+CwLIXtQz73RyT9f/586UMVsjPOutnJA/9qAnW+taeWSZiDHS4QA6 ARl/swK+fZeR6ppr+dFX+XaefyH6tvFv9aq2JpX9f6mK8zp4jvSiscitS0oIM2G4/4 ODH1hitwRwhsulOV/6QKlFRVJF/TYHKsT3CQIohOSuof0V+vu3RQI71FS4MmeDuabD 7VBBw4styjisiNk58eUaabsxQZ8gAG4QmpK2vvJXpXK5FhFQJDX2YGkquzJW/R0HM9 nuzvWnNzLLnEgFdanHgGjEf5CdeFH5MuUOjhEEsaqUBQyqpv/jU+XdLAgOuj6I3j+c vF4k1hPXaqwQA== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 277DB18058D for ; Sat, 30 Mar 2024 01:18:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_50, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05olkn2046.outbound.protection.outlook.com [40.92.91.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sat, 30 Mar 2024 01:18:06 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jMvU3x9FF4/xd9R/HiIfiM0kcBu8RX+JcOPb2v1Tu4Z2s/SMne7IBWG5vYeg4sFIz3YWA9I3xXtG5q3KuMnZruWCji/kRID9Jn/y5VVRPYN8GqxRe7o61SYOkqJKJoi6Zpe+Le3dC3+qUSs/t41MGiOg3mThzKV+hubM8OxtsylKDDFgKRgrYjrjWd2J1tro98YpQH914ViYd0ipnU+s9izY4t/SLZvCy3knnpmkTwkRi1btTA/tRpOX94ldlDu3RxS1O8NvIxPXM7mXYuMrof4zWl4OjimHJ3kMPl1MBbflDJlTbHPfnS45M1E+T3lwGdfwiuvOti4W6XTdONJPfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=v+Nb70fyyT5Cyx87wvsIisjYrJtT1k/FyFZNDfo8IZw=; b=iWYFi5Rhk25CWc+odEY2a+93CO06s+nqj9pxKoT/U39s/uc96JXr9/fOUt3Ub6XmvTPRySR6ufqND4uGnHk8hHMR6hcVt4HtYX0t/2zZjsGVeG/ETAab1prnKV/t+V/HfdO2xEdEm+CZyoihxkxgHshzflxbVlWeEHcOD6otd/7By+QSrHl0TqPVaLlK+SSyjOuNtpAwg82cmSK085it7u8JWtF24msNrsjXNsGVrj/d/6w0zqAIOKE69FbHn0dhe0hXJIPblB09VMnZsj7jXBOZrwYMU/xOgzpDskZPOWQxq/WyY3iWMBEHvJqvy1YhZMGcl5vTPA2uVEaaOaGN0A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v+Nb70fyyT5Cyx87wvsIisjYrJtT1k/FyFZNDfo8IZw=; b=JLZktMNsNuv4z1zyoxdzbUEwNgD6vjrg7y7aZe667yS3d6RDkUIjkldpr59rkFpypzH9oudJLQt7nsdZ3C8ryaecUcu85cJberXMlTzoRteBUbYqlT9xz3dhCqI8SSMWqvxRCOtj73DAZt+xsckRIVLL3iWgY+rzZrASm/o6M6QYT9PksQOf8b+ckSoDJ2mPGKJ1Qb3Piwtzn6UrUJJig+dctWEeyG+2PJVnJcKjfBA3IUzC4bFgZRhh2BTggGh5VqaVSlfLYhXX2AT98DeVgPBNgEpEmG0eie4RoXty+viYj0Dd2h7Cp6ThbKsOMzXj2Vl4rn0PSKsCp+iKyJCEAw== Received: from AM8P250MB0170.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:321::21) by AM8P250MB0214.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:325::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.26; Sat, 30 Mar 2024 01:17:38 +0000 Received: from AM8P250MB0170.EURP250.PROD.OUTLOOK.COM ([fe80::1bef:dd6c:81a8:c5fd]) by AM8P250MB0170.EURP250.PROD.OUTLOOK.COM ([fe80::1bef:dd6c:81a8:c5fd%4]) with mapi id 15.20.7409.034; Sat, 30 Mar 2024 01:17:38 +0000 Content-Type: multipart/alternative; boundary="------------RICfBpt9R1jWZxbSrr90jRNl" Message-ID: Date: Sat, 30 Mar 2024 02:17:37 +0100 User-Agent: Mozilla Thunderbird Subject: Re: [PHP-DEV] Consider removing autogenerated files from tarballs To: Daniil Gentili , internals@lists.php.net References: Content-Language: en-US In-Reply-To: X-TMN: [LUGN/v7h/pZ7kfdTpxgHusaAPIcvbPuHQ0ghyd/N5XgB+nQt1zpw6D3Dvr6aWEb5] X-ClientProxiedBy: FR3P281CA0196.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:a5::14) To AM8P250MB0170.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:321::21) X-Microsoft-Original-Message-ID: <888a7896-49d5-48a2-8691-2bb6355364ef@hotmail.com> Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM8P250MB0170:EE_|AM8P250MB0214:EE_ X-MS-Office365-Filtering-Correlation-Id: 367e9250-28a2-4b12-5601-08dc50572ff8 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: FKyjaLLyTzCkcu14hW4zaV/8pUPYDVAz5tSMf321GTPIDNwN4uDS2LQtxcz6gbfjxcqj480E0yGWsiLCtbygo+pmeatBgTL3rc/TXIQA1n+VaplHHi7hwIw5lbsEfvJVOrqhIgCRm4lrznMP5COgg54+Qz77zHQUO+63StbZVhaaQIO1wo8Ue/P6TYMsiKuHIbIi7m5bQ9ocjzKeolABvp/y6Y+5M3Q8Vio4VIhvr6qqI4L7hAQKEPrUNzLalv0qKpOx91qP1uM46xH1YPdIc6uGdSI4gP8gwsr2Ask7rt42THsOt9DSWQE7od0EPZkygozajVgCURUvRrKtT9kFVwUByfVfDI31Z25UEZuCYBdlIzTbnxMuL4OJS5eY2dwqDax+xsZ9V8dIo/MDxStSirqJOm61JDmYfd2Xs04QULG6FM65qWuJG6c8+2Tg4kzAh+7SilpjGFaQ4ECX0ZaQcho5QIO2+iG6xxFyd1W6btNUaxCFn/QR8UTPD9x6YNQDH+JTRRtZEbYl71WpFQ032OLEbYKgm4ZBLZ4qttRmDmW9qEkx6VKYcFeruYLpPVlYMlHG5BfBNHWlvRzwwfe9Jf9kwdlulCSQbfKpOYps+t9Eb5lD3dkGId2n8Evmwpnm4194KZ4bdyNvnwcE/QpNz2KJct5u4EgGxwkvc+r/sMS+kCBHXKkWGwrgOLwAg8gp X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?RlZzNEUrcXZVOGxWVDBwTHZwMHF6Q3pLeDFlbUhPS3NmNkI0Vm95ZWFSTkRT?= =?utf-8?B?ckhLb1FjdzlreGpZNkc3b2hHRVh1dVFyRE52dXJ3V2FjNTlFOEFwL1Bja3BL?= =?utf-8?B?ZzlEd1BlTkhwTGlQZ1FpOXgrZUErc3M1YytnMkxxZm9nc1Nvdlh6T25JMXBB?= =?utf-8?B?U21VMlNISE5PTCtSSFNNdUVCQnRRdUQ3UzZrRTU0RjlXMWJlUm9KNWpNTG16?= =?utf-8?B?RTFlVWV1VjVpN25HZnFBUHpmeW1ud3RSaGQ3SDNQcnlMYUJUT3ZMK1hINUd4?= =?utf-8?B?SGhVNGJ3Z0tBTGFCb210T2ZsaDJTNmhNK2JMaklVODZ0V1dIckJWZjVCbXFF?= =?utf-8?B?ejlVYlM0T0NicVdYd3YvRjVkUCtFdXJsSTRXY2xLSk5ydzBsZGliNVIyZlJO?= =?utf-8?B?ZWVtK3REM2pRcFdpUkM5VDk1b2llUVBqVkR0QkhwRmp5MVdhdXRBSkE4QkRa?= =?utf-8?B?cUpOUkZzbU93dEFzWXRhQVdoMDQrRDNGNmtqM3UxTzhERTNkODNrWUw2eXhq?= =?utf-8?B?WWRNbnV3VWpZWGZwU0QwWnJsM0hNUjF1TW0vZDlRcDc3RVUwb1I3Ky9MV0xk?= =?utf-8?B?RnJEMU00R08yalkzamhNaTJwUHNLUjRkNE5uZFhmS2VZUTNZR25aKzhldWlH?= =?utf-8?B?UTQ2QnRURGltNWRvSHczbklqZ3ViWmtqVDV1eG9QaHFvdmtvclFuVk16ZWh2?= =?utf-8?B?WCtEejYyOFJMMWtuVGt6YzhXa0FLNVgrSVRsQ3U2SUt3RENVNmpCV2F0SGJV?= =?utf-8?B?Uk4zNTY4Vi80ZHNobE55TjlhVjFjSm5WalRXRUJGMUlKeFBSUkRBZHM3OVNR?= =?utf-8?B?OWk1VTIxZ1B1N1RGZ2pPbnpWZm5ubmJiVW5MUTYrOXl0Qk5mY3ZTdm9VMm1K?= =?utf-8?B?WHdsUXN1dzUvdkh0VVo5TDYzYjlvRnArWU13RTFZeGZFaGtRYy80UU5Yd3hR?= =?utf-8?B?czJHNEp0WFZKZ0t6WHViS0EvaUtjbHVqTWhFOG5pbFlQOVpoNTRXTnAxblI4?= =?utf-8?B?Sk0xU0lSdlEzMUxubjZLcGhraVpFbUdDS1VabktiWDRNTG9lMHphczg3enVq?= =?utf-8?B?Y1Q4bnV4T2NkOExnVWo3dzY0MTNoeHByWm1UNFVwM09jRnZ2SHpobndzZnVq?= =?utf-8?B?bzk3UGtyeGQ2Y2tmaytJVlJudzIrb2prY2N2RTdRZk9lVGFzbGtMOTE1bWJR?= =?utf-8?B?UlVMckpRQTF1VDRabCtmY3V3Vy9xNUtxUzBya1ZGZTdJZkhxVVBucm1pTHNI?= =?utf-8?B?MlhRUlpiWmpoTWtMM1hDVmVReTM2bWs3QUxMTmE0TVh6VHBLT1QxbXBEdVd2?= =?utf-8?B?akg0YlFxUWJTMXlkSy9mWHJmbjl2UXZXNDBKYjh2bFcwUkQ1TFZGZ3R4RG5r?= =?utf-8?B?TzlHekI4djVxWWhXVFoxb21SRkIyS0dPQ0RXemZiYk8zU3Y3VnZQYkdDV3NB?= =?utf-8?B?SUFiSWtaOTVvWEhkWG15ck9DbHJYYmovc0lnaWhXOVYrc2xTN3VCMmRYUGlt?= =?utf-8?B?UUF4NEJnS1BpbE9LT050MFRWR2k3anZiVE92QSs3aitDQjZFMDZjTFQvRU42?= =?utf-8?B?QktpSk9ldkd1MUt1T3pGbHlWa2ladGp1dFlmRTM1SWhqUjVkczBkTXExNlhQ?= =?utf-8?B?b2ZVSWhUZkp1THdpcnVzc1kvZU9wM0RQdEp5NnhNT2xtZjI2c1F6dWdvNHNZ?= =?utf-8?B?dmEwbDFNU1B4Z3pnYXFRdmxTN3lBNXVuUnRVbTAvNmpRYTgxOFdLcHo2aWFt?= =?utf-8?Q?gsK+AM4dSJE+hqlT38=3D?= X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-e3d53.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: 367e9250-28a2-4b12-5601-08dc50572ff8 X-MS-Exchange-CrossTenant-AuthSource: AM8P250MB0170.EURP250.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Mar 2024 01:17:38.0440 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8P250MB0214 From: bobwei9@hotmail.com (Bob Weinand) --------------RICfBpt9R1jWZxbSrr90jRNl Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 29.3.2024 23:31:26, Daniil Gentili wrote: > In light of the recent supply chain attack in xz/lzma, leading to a > backdoor in openSSH > (https://www.openwall.com/lists/oss-security/2024/03/29/4), I believe > that it would be a good idea to remove the huge attack surface offered > by the pre-generated autoconf build scripts and lexers, offered in the > release tarballs. > > In particular, the xz supply chain attack injected the exploit with a > few obfuscated lines, manually added to the end of the pre-generated > configure script, that was only bundled in the tarballs. > > Even if the exploits themselves were committed to the repo in the form > of test files, the code that actually injected the exploit in the > library was not committed to the repo, and was only present in the > pre-generated configure script in the tarball: this injection mode > makes sense, as extra files in the tarball not present in the git repo > would raise suspicions, but machine-generated configure scripts > containing hundreds of thousands of lines of code not present in the > upstream VCS are the norm, and are usually not checked before execution. > > Specifically in the case of PHP, along from the configure script, the > tarball also bundles generated lexer files which contain actual C > code, which is an additional attack vector, i.e. here's the diff > between the tarball of the 8.3.4 release, and the PHP-8.3.4 tag on the > git repo: > > ``` > ~ $ diff -r php-8.3.4 php-src -q > Only in php-src: > .git                                                      Files > php-8.3.4/NEWS and php-src/NEWS differ                               > Files php-8.3.4/Zend/zend.h and php-src/Zend/zend.h > differ                 Only in php-8.3.4/Zend: zend_ini_parser.c > Only in php-8.3.4/Zend: zend_ini_parser.h > Only in php-8.3.4/Zend: > zend_ini_parser.output                             Only in > php-8.3.4/Zend: zend_ini_scanner.c > Only in php-8.3.4/Zend: zend_ini_scanner_defs.h > Only in php-8.3.4/Zend: > zend_language_parser.c                             Only in > php-8.3.4/Zend: zend_language_parser.h                             > Only in php-8.3.4/Zend: zend_language_parser.output > Only in php-8.3.4/Zend: zend_language_scanner.c > Only in php-8.3.4/Zend: > zend_language_scanner_defs.h                       Only in php-8.3.4: > configure                                               Files > php-8.3.4/configure.ac and php-src/configure.ac differ               > Only in php-8.3.4/ext/json: > json_parser.tab.c                              Only in > php-8.3.4/ext/json: json_parser.tab.h > Only in php-8.3.4/ext/json: json_scanner.c > Only in php-8.3.4/ext/json: > php_json_scanner_defs.h                        Only in > php-8.3.4/ext/pdo: pdo_sql_parser.c > Only in php-8.3.4/ext/phar: > phar_path_check.c                              Only in > php-8.3.4/ext/standard: url_scanner_ex.c > Only in php-8.3.4/ext/standard: var_unserializer.c > Only in php-8.3.4/main: php_config.h.in > Files php-8.3.4/main/php_version.h and php-src/main/php_version.h > differ   Only in php-8.3.4/pear: > install-pear-nozlib.phar                           Only in > php-8.3.4/sapi/phpdbg: phpdbg_lexer.c                              > Only in php-8.3.4/sapi/phpdbg: > phpdbg_parser.c                             Only in > php-8.3.4/sapi/phpdbg: phpdbg_parser.h > Only in php-8.3.4/sapi/phpdbg: phpdbg_parser.output > ``` > > To prevent attacks from malevolent/compromised RMs, I propose > completely removing all autogenerated files from the release tarballs, > and ensuring their content exactly matches the content of the > associated git tag (this means also removing the -dev prefix from the > version number in main/php_version.h, Zend/zend.h, configure.ac and > NEWS in the git tag). > > Of course this means that users will have to generate the build > scripts when compiling PHP, as when installing PHP from the VCS repo. > > I'm sending a copy of this email to security@php.net as well. Hey Daniil, You can also have a public CI (i.e. a github action) generate the artifacts, along with hash computation. It should be a github action which runs on tags. This makes it fully verifiable; i.e. the code for the generation of action, including the hash. Anyone who wants can trivially trace this back. There's nothing in the tarballs which cannot be trivially automated and made verifiable. I don't think providing pre-generated files is fundamentally flawed, the primary lacking thing is verifiability. Which is also what enabled the xz backdoor. Bob --------------RICfBpt9R1jWZxbSrr90jRNl Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
On 29.3.2024 23:31:26, Daniil Gentili wrote:
In light of the recent supply chain attack in xz/lzma, leading to a backdoor in openSSH (https://www.openwall.com/lists/oss-security/2024/03/29/4), I believe that it would be a good idea to remove the huge attack surface offered by the pre-generated autoconf build scripts and lexers, offered in the release tarballs.

In particular, the xz supply chain attack injected the exploit with a few obfuscated lines, manually added to the end of the pre-generated configure script, that was only bundled in the tarballs.

Even if the exploits themselves were committed to the repo in the form of test files, the code that actually injected the exploit in the library was not committed to the repo, and was only present in the pre-generated configure script in the tarball: this injection mode makes sense, as extra files in the tarball not present in the git repo would raise suspicions, but machine-generated configure scripts containing hundreds of thousands of lines of code not present in the upstream VCS are the norm, and are usually not checked before execution.

Specifically in the case of PHP, along from the configure script, the tarball also bundles generated lexer files which contain actual C code, which is an additional attack vector, i.e. here's the diff between the tarball of the 8.3.4 release, and the PHP-8.3.4 tag on the git repo:

```
~ $ diff -r php-8.3.4 php-src -q
Only in php-src: .git                                                      Files php-8.3.4/NEWS and php-src/NEWS differ                               Files php-8.3.4/Zend/zend.h and php-src/Zend/zend.h differ                 Only in php-8.3.4/Zend: zend_ini_parser.c
Only in php-8.3.4/Zend: zend_ini_parser.h
Only in php-8.3.4/Zend: zend_ini_parser.output                             Only in php-8.3.4/Zend: zend_ini_scanner.c
Only in php-8.3.4/Zend: zend_ini_scanner_defs.h
Only in php-8.3.4/Zend: zend_language_parser.c                             Only in php-8.3.4/Zend: zend_language_parser.h                             Only in php-8.3.4/Zend: zend_language_parser.output
Only in php-8.3.4/Zend: zend_language_scanner.c
Only in php-8.3.4/Zend: zend_language_scanner_defs.h                       Only in php-8.3.4: configure                                               Files php-8.3.4/configure.ac and php-src/configure.ac differ               Only in php-8.3.4/ext/json: json_parser.tab.c                              Only in php-8.3.4/ext/json: json_parser.tab.h
Only in php-8.3.4/ext/json: json_scanner.c
Only in php-8.3.4/ext/json: php_json_scanner_defs.h                        Only in php-8.3.4/ext/pdo: pdo_sql_parser.c
Only in php-8.3.4/ext/phar: phar_path_check.c                              Only in php-8.3.4/ext/standard: url_scanner_ex.c
Only in php-8.3.4/ext/standard: var_unserializer.c
Only in php-8.3.4/main: php_config.h.in
Files php-8.3.4/main/php_version.h and php-src/main/php_version.h differ   Only in php-8.3.4/pear: install-pear-nozlib.phar                           Only in php-8.3.4/sapi/phpdbg: phpdbg_lexer.c                              Only in php-8.3.4/sapi/phpdbg: phpdbg_parser.c                             Only in php-8.3.4/sapi/phpdbg: phpdbg_parser.h
Only in php-8.3.4/sapi/phpdbg: phpdbg_parser.output
```

To prevent attacks from malevolent/compromised RMs, I propose completely removing all autogenerated files from the release tarballs, and ensuring their content exactly matches the content of the associated git tag (this means also removing the -dev prefix from the version number in main/php_version.h, Zend/zend.h, configure.ac and NEWS in the git tag).

Of course this means that users will have to generate the build scripts when compiling PHP, as when installing PHP from the VCS repo.

I'm sending a copy of this email to security@php.net as well.

Hey Daniil,

You can also have a public CI (i.e. a github action) generate the artifacts, along with hash computation.
It should be a github action which runs on tags. This makes it fully verifiable; i.e. the code for the generation of action, including the hash. Anyone who wants can trivially trace this back.

There's nothing in the tarballs which cannot be trivially automated and made verifiable.

I don't think providing pre-generated files is fundamentally flawed, the primary lacking thing is verifiability. Which is also what enabled the xz backdoor.

Bob

--------------RICfBpt9R1jWZxbSrr90jRNl--