matt at mattmccutchen.net
Thu Apr 22 21:56:34 UTC 2010
On Thu, 2010-04-22 at 09:25 -0400, Tom "spot" Callaway wrote:
> For example, stating "no binaries", wouldn't be true, as we might have a
> situation where we would have a bootstrapped binary contributed along
> with the source, but for bootstrapping reasons, needs to be included as
> a starter.
In such cases, we should seriously consider trying to repeat the entire
bootstrapping process purely from source code. Otherwise, there is no
way to ever know whether the binary contains a heritable trojan, a la
"Reflections on Trusting Trust", short of auditing the disassembly.
More information about the devel