But where does the original compiler come from? Reproducible builds are only as good as the compiler used to compile them. That's the point of Trusting Trust. If you build with a backdoored compiler and I reproduce your build with the same backdoored compiler, that solves nothing. This is why full-source bootstrap is important[0].
alt Hacker News
But where does the original compiler come from? Reproducible builds are only as good as the compiler used to compile them. That's the point of Trusting Trust. If you build with a backdoored compiler and I reproduce your build with the same backdoored compiler, that solves nothing. This is why full-source bootstrap is important[0].
[0]: https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-...