Hacker News

lrvick last Saturday at 8:54 PM

Quite literally all distros today build it by downloading an existing magic binary to compile the latest sources. Even if they claim the package is reproducible, all bets are off on trust if it downloads a prebuilt binary in the build process. It is a prime Trusting Trust attack target.

The only other somewhat widely used language I am aware of in this bad of a position is Ada. Every other language I am aware of has a clear bootstrap path.


Replies

gf000 last Saturday at 10:29 PM

Outside some fairly niche projects working on the problem, this is not a priority and most systems have straight binary dependencies.

icrbow last Saturday at 8:55 PM

Ada can't bootstrap? Ironic...

rowanG077 last Saturday at 8:57 PM

I see, yes, I most likely used a distro-built ghc.