Brutkey

Soatok Dreamseeker
@soatok@furry.engineer

Improving Geographical Resilience For Distributed Open Source Teams with FREON

In a recent blog post, I laid out the argument that, if you have securely implemented end-to-end encryption in your software, then the jurisdiction where your ciphertext is stored is almost irrelevant. Where jurisdiction does come into play, unfortunately, is where your software is developed and whether or not the local government will employ rubber-hose cryptanalysis to backdoor your…

http://soatok.blog/2025/08/09/improving-geographical-resilience-for-distributed-open-source-teams-with-freon/


Wladimir Palant
@WPalant@infosec.exchange

@soatok@furry.engineer The part I wonder about: if there are n (potential) signing parties, how do all of them know that they are signing the real thing rather than a backdoored release? Currently a typical approach would be a (hopefully secure) build server somewhere that spits out build artifacts and signs them. The signature essentially confirms that the build was produced by the official build server using (as far as it knows) unmodified sources. If we have multiple signers, what do their signatures confirm? Or are they all supposed to produce the same build artifacts independently of each other?
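One way to give the "independent builds" option a concrete shape, as an added example that is not from this thread, from Soatok's post or from FREON: each signer builds the tagged sources on their own machine, signs the digest of the artifact they got, and a verifier accepts a release only when a threshold of pinned signers agree on the published digest and none of them attests to a different one. The Attestation format, the Verify policy and the Demo scenario are assumptions; the keys and artifact bytes are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
)

// Attestation (hypothetical format): a signer's public key, the SHA-256 digest of
// the artifact that signer built locally, and their Ed25519 signature over it.
type Attestation struct{ Signer ed25519.PublicKey; Digest, Sig []byte }

// Attest hashes the artifact this signer built and signs the digest.
func Attest(priv ed25519.PrivateKey, artifact []byte) Attestation {
	d := sha256.Sum256(artifact)
	return Attestation{priv.Public().(ed25519.PublicKey), d[:], ed25519.Sign(priv, d[:])}
}

// Verify accepts the published artifact only if at least threshold distinct trusted signers
// validly attest to its digest and none attests to a different one. Returns (accepted, agree, dissent).
func Verify(artifact []byte, trusted map[string]bool, atts []Attestation, threshold int) (bool, int, int) {
	want := sha256.Sum256(artifact)
	seen, agree := map[string]bool{}, 0
	for _, a := range atts {
		k := string(a.Signer)
		if !trusted[k] || seen[k] || !ed25519.Verify(a.Signer, a.Digest, a.Sig) {
			continue // untrusted key, repeated signer, or bad signature
		}
		seen[k] = true // each trusted signer counts once
		if bytes.Equal(a.Digest, want[:]) {
			agree++
		}
	}
	dissent := len(seen) - agree // a dissenting builder is exactly the signal to surface
	return agree >= threshold && dissent == 0, agree, dissent
}

// Demo (constructed input): three independent builders, 2-of-3 policy, builder 2 gets a different artifact.
func Demo() (bool, int, int) {
	trusted := map[string]bool{} // the project's pinned signer keys
	var privs []ed25519.PrivateKey
	for i := byte(1); i <= 3; i++ { // deterministic toy keys; real ones come from crypto/rand
		priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{i}, ed25519.SeedSize))
		privs = append(privs, priv)
		trusted[string(priv.Public().(ed25519.PublicKey))] = true
	}
	genuine, other := []byte("constructed release v1.0"), []byte("constructed release v1.0 + extra")
	atts := []Attestation{Attest(privs[0], genuine), Attest(privs[1], genuine), Attest(privs[2], other)}
	return Verify(genuine, trusted, atts, 2) // false, 2, 1
}
```

With this policy a signature no longer says "the official build server produced this"; it says "I reproduced this digest from the sources myself", and the release is held back as soon as any pinned builder reproduces something else.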