| ▲ | Running the "Reflections on Trusting Trust" Compiler (2023)(research.swtch.com) | |
| 110 points by naves 10 hours ago | 5 comments | ||
| ▲ | kpcyrd 4 hours ago | parent | next [-] | |
> Even when source is available, as in open source operating systems like Linux, approximately no one checks that the distributed binaries match the source code. This was not the case in 2023 for Arch Linux[1] back when the post was originally published, and is also not the case for Debian[2] since 2024. | ||
| ▲ | lrvick 2 hours ago | parent | prev | next [-] | |
My team and I built stagex as the first software build toolchain that internally mandates 100% determinism and full source bootstrapping. It is explicitly designed for supply chain security to trust no single human or computer. Also container native and soon to be LLVM native. It is our best answer so far to the ROTT paper. | ||
| ▲ | EvanAnderson 9 hours ago | parent | prev | next [-] | |
(2023) Discussion at the time: https://news.ycombinator.com/item?id=38020792 | ||
| ▲ | Y_Y 5 hours ago | parent | prev | next [-] | |
Would be fun to see if an llm could produce this (assuming tfa and other solutions weren't present in the training data). | ||
| ▲ | riemannzeta 6 hours ago | parent | prev [-] | |
Reflections on Trusting "Reflections on Trusting Trust"? | ||