|
|
|
|
|
|
by MarsIronPI
178 days ago
|
|
|
But where does the original compiler come from? Reproducible builds are only as good as the compiler used to compile them. That's the point of Trusting Trust. If you build with a backdoored compiler and I reproduce your build with the same backdoored compiler, that solves nothing. This is why full-source bootstrap is important[0]. [0]: https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-... |
|
|
> Reproducible builds are only as good as the compiler used to compile them.
Which is so so so much better than "as good as nothing".