3.7 KiB
Compilers are often written in the language they are compiling. This creates a chicken-and-egg problem that leads users and distributors to rely on opaque, pre-built binaries of those compilers that they use to build newer versions of the compiler.
To gain trust in our computing platforms, we need to be able to tell how each part was produced from source. We believe that opaque binaries are a threat to user security and user freedom since they are not auditable; we believe the amount of bootstrap binaries should be minimized.
Benefits
This is nice, but what are the actual benefits of “bootstrappable” implementations? Find out what additional benefits there are to achieving bootstrappable builds.
Best practises
Are you developing or contributing to software that is affected by the bootstrapping problem? Here we list best practises and practical examples that can help you pull yourself up by your own bootstraps.
Collaboration projects
Solving bootstrapping problems in existing compilers and build systems requires collaboration. Here is a list of long-term high-impact projects that we would like to work on collaboratively.
More projects and status updates can be found on the bootstrapping wiki.
Join the mailing list and/or the IRC channel #bootstrappable on freenode for news and communication!
Further reading
- Ken Thompson's acceptance speech for the 1983 Turing Award: Reflections on trusting trust
- Toy example of a subverted rust compiler
- What is a coder's worst nightmare?
- Defending Against Compiler-Based Backdoors
- Deniable Backdoors Using Compiler Bugs