[Zababa]

Are there any people working seriously on this? I'm aware of efforts for OCaml (http://gallium.inria.fr/~scherer/drafts/camlboot.pdf), but that's it.

[LukeShu]

https://dwheeler.com/trusting-trust/

'dwheeler is now the Linux Foundation's Director of Open Source Supply Chain Security.

[pabs3]

The Bootstrappable Builds community (which camlboot is part of) are working on a lot of different efforts in this area. The main one is going from a small amount of machine code to an entire Linux distro, which is in-progress.

https://bootstrappable.org/ https://bootstrapping.miraheze.org/

[kibwen]

Here's the original resource on Diverse Double Compilation to counter Trusting Trust Attacks: https://dwheeler.com/trusting-trust/

Notably I know the Rust compiler has been verified in this way (or at least certain versions of it have been verified), but it shouldn't be hard to do the same for any language with multiple independent implementations.