GNU Mes rebuild is definitely an application of DDC!

Vagrant Cascadian vagrant at reproducible-builds.org
Mon Oct 12 23:28:17 UTC 2020


On 2020-10-12, David A. Wheeler wrote:
> In the discussion today I was pointed to this awesome post about
> creating a reproducible bootstrap of the GNU Mes C compiler:
> https://reproducible-builds.org/news/2019/12/21/reproducible-bootstrap-of-mes-c-compiler/
>
> I was asked if this counted as an application of Diverse
> Double-Compiling (DDC). Unless I’m grossly misunderstanding something,
> that is *definitely* an application of DDC! Different compilers are
> being used with the same source code in a special way to verify that
> the results are bit-for-bit identical. That’s what DDC is all
> about.

Great!


> The compilers being used in the DDC process aren’t as diverse
> as one might like, so there are limits to the result (as discussed in
> section 6 of my dissertation).

Indeed.


> But that’s definitely the real deal. In fact, it shows how DDC &
> reproducible builds can work together to provide a very strong
> countermeasure against the trusting trust attack & other kinds of
> maliciously subverted executables.

OK!


> I wrote a summary explaining it here:
> https://dwheeler.com/trusting-trust/#real-world

That sums it up very nicely, thanks!


> If I missed anything, or if anything is wrong, let me know.

Some minor typos:

  s/GNU MeS/GNU Mes/
  s/big-for-bit/bit-for-bit/
  s/distributions GNU Guix, Nix and Debian)/distributions (GNU Guix, Nix and Debian)/


> But I think it’s worth noting that this really is an application of
> DDC to gain confidence in a reproducible bootstrap.

Excellent.

Thanks for following up and the good conversation on IRC.


Now we need to step up our compiler diversity and OS diversity for for
future tests!


live well,
  vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20201012/f02b4560/attachment.sig>


More information about the rb-general mailing list