|
|
|
|
|
|
by XorNot
1876 days ago
|
|
|
This is cool as heck. Outside of architectural attacks, this seems like a practical response to Reflections on Trusting Trust (http://users.ece.cmu.edu/~ganger/712.fall02/papers/p761-thom...). While we can definitely discuss whether it's practical for anyone to actually audit all that source code (no it is not), proving a 356 bytes codestream isn't malicious seems like a good foundation to argue about. |
|
|
Perhaps this bit is key as you could cross reference the two:
> Furthermore, having an alternative bootstrap automation tool allows people to have greater trust in the bootstrap procedure.
Interesting thought exercise.
Edit: Avoid this subject unless you want to be nerd sniped and spiral into paranoia.