Blog post about a talk by Ken Thompson and the original Trusting Trust attack finally released

ahojlm at 0w.se ahojlm at 0w.se
Mon Oct 30 17:56:00 UTC 2023


Hello Jeremiah,

On Mon, Oct 30, 2023 at 11:04:40AM +0000, Orians, Jeremiah (DTMB) wrote:
> > Readers of this list should have noticed that source-only verifiable bootstrap has been achieved earlier. 
> > The work presented in [1] provides a full proof of provenance of a verifiable Posix-like system with a 
> > development toolchain, without a reliance on any binary seed.
> If your definition of source only bootstrap includes Megabytes of external binaries, then given your definition
> Debian beat your project by a more than a decade.

Wait, fetching those 357 seed bytes and the needed sources from Guix
repository happens to imply some use of external binaries... probably sized
at least several megabytes? Then what was the point with Guix being
"first", compared to, as you say, Debian?

Never mind, the depth of your analysis is not being questioned, not at all.

> > I hope that if you choose to mention the Guix blog post, then you would also refer to the prior solution [1].
> Nope, lol

I understand that you are unhappy. Hope the acting out has helped.

> > On the other side, presenting bootstrapping from machine codes as the only and also as the "first" 
> > solution to full verifiability is plainly not correct.
> DDC only works if either a) you have a trusted compiler or b) 2 compilers that don't share a common
> compromise. Bootstrappable builds ensures we do have a trusted suite of compilers. So, unless you
> have proof of one of those, you have not in any way contributed to solving the problem.

Indeed. Thanks for the explanation. Even though it looked somewhat
murky to my limited brain capacity, now I see the truth.

It does not matter whether one produces a provably trustable suite of
compilers, OS or anything, unless it is done in the only right way, which
is the one you shall be allowed to choose.

Good that you have opened my eyes.

Let us forget about unpleasant things like
  "calling Guix' feat "Full-Source Bootstrap" is incorrect"
and we shall no longer bother about the fact that
 "giving an impression that Guix presents the first and unique solution
 to full bootsrap from source is dishonest".

Good luck with further achievements on the road to and then past the
binaryseed-full-source-bootstrap-without-using-external-binaries!

>From now on I will refrain from ever questioning your insightful posts.

Best regards,
 an


More information about the rb-general mailing list