@uutils @fosdem
Yes! The Full-Source Bootstrap, as pioneered by #Guix (https://guix.gnu.org/es/blog/2023/the-full-source-bootstrap-building-from-source-all-the-way-down/), to address the widely ignored #TrustingTrust problem is being ported to/implemented by @nixos_org
It would be amazing to see it in @debian / @ubuntu too and I'm a bit puzzled about what the introduction of Rust might do to what we have accomplished?
Interesting tidbit about Rust as used in the Android OS: to prevent the trusting trust attack, and not rely on rust-lang.org build, they bootstrapped rustc 1.19 with mrustc (0.8.0), and then built all following rustc versions with their previous version.
https://cs.android.com/android/platform/superproject/main/+/main:prebuilts/rust/bootstrap/README.md
#RustLang #Android #Toolchains #Bootstrapping #TrustingTrust
Running the "Reflections on Trusting Trust" Compiler
https://research.swtch.com/nih
#HackerNews #Running #Reflections #on #Trusting #Trust #Compiler #TrustingTrust #CompilerResearch #SoftwareDevelopment #Security
@filippo Meanwhile, bootstrapping a current OpenJDK involves compiling multiple ancient packages (each with its own set of outdated dependencies, of course) and then going up all the way from Java 7, version by version.
@stikonas has described this tedious process and developed some ebuilds for Gentoo here: https://git.stikonas.eu/andrius/gentoo-bootstrap
This also applies to Rust in a way, but at least it's not as bad there – not yet, as the old versions might eventually succumb to bitrot, too.
Please, dear programming language community, can we do better at this? For resilience, for reproducibility, for reliability, for portability and for preservation?
#bootstrappablebuilds #bootstrapping #reproduciblebuilds #trustingtrust #gentoo #openjdk #rust
Edit: Added &c=my-comment to the URL,
please like my comment, or otherwise help me to reach LaurieWired? Boost=❤️ #askfedi
@regtur @reproducible_builds @guix @ekaitz_zarraga
@nlnet
@fsf
@fsfe
@gnutools
Seems #fedi didn't do their thing just yet, so I logged into the Evil Empire and added a comment. Not sure if that will do any good, tho. I guess maybe one or two of you who read this, and still have a Google account, could like my comment, but there are already comments with > 3K likes, so yeah.
Also, no idea how to reach them; they're talking about trust, and then only seem to on Big Tech platforms like TPPKAB (the platform previously known as birdsite), instagram, etc.
<https://www.youtube.com/watch?v=Fu3laL5VYdM&lc=UgxAf-w-tTYM5syB3x94AaABAg>
#bootstrappablebuilds #guix #gnu #reproducibleBuilds #supplyChainSecurity #trustingTrust
@regtur
Wait what? #GNU #Mes isn't being mentioned? Not even in the comments?
Fediverse do your thing!
cc: @lauriewired @reproducible_builds
@guix
@ekaitz_zarraga
@nlnet #bootstrappable
#bootstrappablebuilds
#guix
#trustingtrust
Hey look at this
* Celebrating the #InternetFreedom Movement at the #EFFAwards https://www.eff.org/deeplinks/2023/09/celebrating-internet-freedom-movement-eff-awards
* Running the “Reflections on #TrustingTrust” Compiler https://research.swtch.com/nih (h/t @nelson
* A 1940s #Halloween from Centuries of Sound https://centuriesofsound.com/2023/10/25/a-1940s-halloween-from-centuries-of-sound/
4/
“It would be easy to see the world as all doom and gloom when you're tackling these issues… But we do this work because we CAN fix the internet. Our dream is that everyone in this room will not only stand up for their rights but find ten other friends to stand up with you.” - EFF’s Executive...
Janneke
Anisse
Hacker News
Stefan Gast
fraggle
LisPi
Wyatt (🏳️⚧️♀?)
Cory Doctorow