The German government paid $500,000+, to Arch Linux, to re-write Arch Package Management in Rust. Is Germany hoping to inject backdoors, or other spyware, in...
Like I said, the only way you could really trust it is if you’re not using a compile to make it. You have to write a compiler directly in assembly and then use that to compile everything else.
What I’m saying is there is no need to write a whole new compiler in assembly, check out the bootstrapping article I linked.
Or, if there is some uncompomised older compiler version A, and a compromised version B built with A, then the source code for B can be fed to A to create a clean version. As in it might be hard to try to poison the supply chain now, if they haven’t already. We can’t be sure it isn’t already poisoned, but if it actually isn’t it’s possible to catch such an attack.
The key problem is knowing whether something is compromised or not though, that why you can’t use an existing compiler if you want to be sure. Meanwhile, bootstrapping involved building a minimal core in assembly and then progressively compiling the compiler using itself. That’s basically how you build a whole new compiler starting with assembly.
Compile the compiler? I presume there is some version that isn’t compomised? Or go all the way back to some bootstrapped c compiler?
Like I said, the only way you could really trust it is if you’re not using a compile to make it. You have to write a compiler directly in assembly and then use that to compile everything else.
What I’m saying is there is no need to write a whole new compiler in assembly, check out the bootstrapping article I linked.
Or, if there is some uncompomised older compiler version A, and a compromised version B built with A, then the source code for B can be fed to A to create a clean version. As in it might be hard to try to poison the supply chain now, if they haven’t already. We can’t be sure it isn’t already poisoned, but if it actually isn’t it’s possible to catch such an attack.
The key problem is knowing whether something is compromised or not though, that why you can’t use an existing compiler if you want to be sure. Meanwhile, bootstrapping involved building a minimal core in assembly and then progressively compiling the compiler using itself. That’s basically how you build a whole new compiler starting with assembly.