Blog post about a talk by Ken Thompson and the original Trusting Trust attack finally released
Orians, Jeremiah (DTMB)
OriansJ at michigan.gov
Mon Oct 30 18:10:46 UTC 2023
> Wait, fetching those 357 seed bytes and the needed sources from Guix repository happens to
> imply some use of external binaries... probably sized at least several megabytes? Then what
> was the point with Guix being "first", compared to, as you say, Debian?
It is available in printed form if you would like.
> Never mind, the depth of your analysis is not being questioned, not at all.
That would be a bad thing
> It does not matter whether one produces a provably trustable suite of compilers, OS or anything,
> unless it is done in the only right way
Stilling waiting on your formal proof, builder-hex0 and live-bootstrap speaks for themselves.
> which is the one you shall be allowed to choose.
> Good that you have opened my eyes.
No, that is obviously a bad idea.
-Jeremiah
More information about the rb-general
mailing list