security, reliability and repeatability issues in the TBB build process
Currently, when building TBB on any system, we open the builder up to compromise. We also open ourselves up to reliability issues, as a mirror might vanish and leave us out in the cold.
We rely on fetching software from servers that we do not control and in doing so, we use insecure transport mechanisms. Building TBB should not allow a local network attacker to get code execution on the builder's machine. I propose that we host at least one HTTPS mirror of the required source code. I've opened bug #8286 (closed) to discuss this topic and to propose patches. I believe this will make our build process more reliable as a third-party downed mirror will not prevent a build.
We also do not verify the dependencies for TBB - if someone were to simply tamper with the remote server's archive, the builder would be in trouble. I've opened a ticket to add what I think should be the current expected hashes to the build process in bug #8283 (closed). I think it would also make sense to check against the expected hashes; I may or may not open a separate bug for that issue - thoughts?
The goal of being able to build TBB on OS X from a clean slate is currently being discussed in #8246 (closed), and I think it is a reasonable goal to try to work Homebrew into the process. Homebrew ensures that a similar hash check is done on software before it installs the software. Thus we'll nearly have a totally trusted chain of tools and source code to build TBB on OS X. Later, I think we should ensure this is the same for all platforms.
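The two fixes proposed above (fetch dependencies only over HTTPS from a mirror list, and refuse any archive whose hash does not match a pinned value) fit in a few shell functions. The script below is an added example written for this ticket, not code from the TBB build scripts or from the tickets referenced; the mirror URLs, the archive name `example-1.0.tar.gz` and the all-zero hash in `EXPECTED_HASHES` are placeholders, not real TBB dependency hashes.

```shell
#!/bin/sh
# Added example, not TBB build code: download a dependency from the first
# working HTTPS mirror and accept it only if its SHA-256 matches a pinned
# value recorded alongside the build scripts.
set -eu

# Pinned hashes, one "<filename> <sha256>" per line. The entry below is a
# placeholder for illustration, not a real TBB dependency hash.
EXPECTED_HASHES='
example-1.0.tar.gz 0000000000000000000000000000000000000000000000000000000000000000
'

# Print the SHA-256 of a file; works with GNU coreutils and with the
# shasum shipped on OS X.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED: succeed only if the hashes match exactly.
verify_sha256() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# expected_hash_for NAME: print the pinned hash for NAME; fail if the
# archive was never pinned, so an unknown file can never slip through.
expected_hash_for() {
    h=$(printf '%s\n' "$EXPECTED_HASHES" | awk -v n="$1" '$1 == n { print $2 }')
    [ -n "$h" ] || { echo "no pinned hash for $1" >&2; return 1; }
    printf '%s\n' "$h"
}

# fetch_verified NAME MIRROR...: try each mirror in order. Plain-http
# mirrors are skipped outright (a local network attacker could rewrite
# them), the TLS certificate is checked by curl, redirects may not
# downgrade to http, and a hash mismatch discards the file and moves on
# to the next mirror instead of feeding a tampered archive to the build.
fetch_verified() {
    name=$1; shift
    expected=$(expected_hash_for "$name") || return 1
    for mirror in "$@"; do
        case "$mirror" in
            https://*) ;;
            *) echo "skipping non-HTTPS mirror $mirror" >&2; continue ;;
        esac
        if curl --fail --silent --show-error --location \
                --proto '=https' --proto-redir '=https' \
                -o "$name" "$mirror/$name"; then
            if verify_sha256 "$name" "$expected"; then
                echo "$name: verified from $mirror"
                return 0
            fi
            echo "$name: hash mismatch from $mirror, discarding" >&2
            rm -f "$name"
        fi
    done
    echo "$name: no mirror produced a verified copy" >&2
    return 1
}

# Usage (placeholder mirrors; the first, being plain http, is skipped):
#   fetch_verified example-1.0.tar.gz \
#       http://mirror.example.org/src https://mirror.example.net/src
```

Keeping a project-controlled HTTPS mirror first in the list covers the reliability concern; the pinned hash is what actually protects the build, since a compromised or spoofed mirror, HTTPS or not, still cannot deliver an archive the script will use.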