[Arm-netbook] Questioning The Holy War

Ricardo Wurmus rekado at elephly.net
Sat Dec 8 22:14:09 GMT 2018

Chris Tyler <chris at tylers.info> writes:

> I must point out an error here: Ken Thompson proved that auditing source
> code (of software and the toolchain used to build it) is meaningless in his
> paper "Reflections on Trusting Trust".

That’s why it’s important to have trustable tools and reproducible
builds.  For trustable tools there’s ongoing work on a complete source
bootstrap from an auditable source/binary hybrid all the way to a modern
GNU system.  See [1] and [2].

Reproducible builds guarantee that a given binary actually corresponds
to source code.  Having both of these properties does allow us to reason
about the properties of our binaries.

[1] https://savannah.nongnu.org/projects/stage0/
[2] https://www.gnu.org/software/mes/


More information about the arm-netbook mailing list