"Reflections on trusting trust" is specifically called out as a motivation for t... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dane-pgp on July 12, 2020 \| parent \| context \| favorite \| on: Reflections on Trusting Trust (1984) [pdf] "Reflections on trusting trust" is specifically called out as a motivation for the Bootstrappable Builds project[0], which I think is an interesting approach at regaining some of the trust in our software. Another, better known project is the work on Reproducible Builds[1], and of course it would be nice to have auditable hardware based on clearly documented designs. [0] https://www.bootstrappable.org/ [1] https://reproducible-builds.org/

akavel on July 12, 2020 [–]

For some other projects that more or less explicitly try to approach this challenge from various angles, see e.g.:

https://dwheeler.com/trusting-trust/

https://github.com/akkartik/mu

mbakke on July 12, 2020 | [–]

There is also GNU Mes, which is able to build a GCC toolchain starting from nothing but a Scheme interpreter:

https://www.gnu.org/software/mes/

Practical implementation notes can be found on the Guix blog:

https://guix.gnu.org/blog/2019/guix-reduces-bootstrap-seed-b...

https://guix.gnu.org/blog/2020/guix-further-reduces-bootstra...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact