[Arm-netbook] Questioning The Holy War
Ricardo Wurmus
rekado at elephly.net
Sat Dec 8 22:14:09 GMT 2018

Chris Tyler <chris at tylers.info> writes:

> I must point out an error here: Ken Thompson proved that auditing source
> code (of software and the toolchain used to build it) is meaningless in his
> paper "Reflections on Trusting Trust".

That’s why it’s important to have trustable tools and reproducible
builds. For trustable tools there’s ongoing work on a complete source
bootstrap from an auditable source/binary hybrid all the way to a modern
GNU system. See [1] and [2].

Reproducible builds guarantee that a given binary actually corresponds
to source code. Having both of these properties does allow us to reason
about the properties of our binaries.

[1] https://savannah.nongnu.org/projects/stage0/
[2] https://www.gnu.org/software/mes/

--
Ricardo
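
The reproducible-builds property mentioned in the message above, as an added example that is not part of the original message or of any project it links to: two builders with different clocks, user names and file ordering produce the same digest only when the build normalises those inputs, and a published digest is accepted only if independent rebuilds match it. The "build" here is a tar packing step standing in for a compiler, and the source tree, builder names and timestamp are constructed for the illustration; it covers the binary-to-source check only, not the bootstrap of the toolchain.

```python
import hashlib
import io
import tarfile

# Constructed sample source tree (path -> contents); not from the original message.
SOURCE = {"src/main.c": b"int main(void) { return 0; }\n", "README": b"demo\n"}
SOURCE_DATE_EPOCH = 1544307249  # constructed fixed timestamp shared by all builders


def build(tree, build_time, builder, reproducible):
    """Stand-in for a build step: pack `tree` into a tar, return its SHA-256."""
    buf = io.BytesIO()
    # A naive build inherits file order, clock and user name from its environment.
    names = sorted(tree) if reproducible else list(tree)
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(tree[name])
            info.mode = 0o644
            info.mtime = SOURCE_DATE_EPOCH if reproducible else build_time
            info.uname = info.gname = "" if reproducible else builder
            tar.addfile(info, io.BytesIO(tree[name]))
    return hashlib.sha256(buf.getvalue()).hexdigest()


def verify(published, rebuilds):
    """Accept a published digest only if every independent rebuild matches it."""
    return bool(rebuilds) and all(d == published for d in rebuilds)


def demo():
    shuffled = dict(reversed(list(SOURCE.items())))  # same files, other order
    naive = [build(SOURCE, 1000, "alice", False), build(shuffled, 2000, "bob", False)]
    repro = [build(SOURCE, 1000, "alice", True), build(shuffled, 2000, "bob", True)]
    # Same build recipe, but one source file was altered before packing.
    tampered = dict(SOURCE, **{"src/main.c": b"int main(void) { return 1; }\n"})
    bad = build(tampered, 3000, "carol", True)
    return {
        "naive_match": naive[0] == naive[1],
        "repro_match": verify(repro[0], repro[1:]),
        "tamper_detected": not verify(bad, repro),
    }


if __name__ == "__main__":
    print(demo())
```
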