On Thu, 2010-04-22 at 09:25 -0400, Tom "spot" Callaway wrote:
> For example, stating "no binaries", wouldn't be true, as we might have a
> situation where we would have a bootstrapped binary contributed along
> with the source, but for bootstrapping reasons, needs to be included as
> a starter.

In such cases, we should seriously consider trying to repeat the entire
bootstrapping process purely from source code. Otherwise, there is no
way to ever know whether the binary contains a heritable trojan, a la
"Reflections on Trusting Trust", short of auditing the disassembly.
--
Matt