On 18/07/2024 21:22, Theo de Raadt wrote:
> Vevy Kod <vevykod@laposte.net> wrote:
> 
>> 1. We do not need a good reason to reduce our attack surface. The
>> likeliness of the scenarios we are preventing does not matter: those
>> scenarios will become likely as soon as they become the easiest to
>> exploit.
> 
> What is the attack surface?

Google is your friend.

>> 2. It prevents unknowingly escalating a supply-chain attack. If a
>> malware is somehow embedded in the compiler, it will be able to 1)
>> read secret keys used by developers to sign binary packages, and 2)
>> embed those secret keys in the compiler output (likely set for
>> distribution).
> 
> 
> If the compiler has malware, it will probably remove the unveil
> and pledge.  You are bullshitting.

You don't seem to understand the rational of using unveil and pledge. Of 
course they can always be removed, but that doesn't go unnoticed.