10 lines
3.7 KiB
HTML
10 lines
3.7 KiB
HTML
<!DOCTYPE html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="Content-Language" content="en" /><meta name="author" content="Ricardo Wurmus" /><meta name="viewport" content="width=device-width" /><title>Bootstrappable builds</title><link rel="stylesheet" media="screen" type="text/css" href="/css/reset.css" /><link rel="stylesheet" media="screen" type="text/css" href="/css/screen.css" /><link rel="shortcut icon" href="http://bootstrappable.org/favicon.ico" /></head><body id="top"><div id="banner"><img alt="A boot pulled up by its straps." src="/images/banner.svg" /></div><nav id="menu"><ul><li><a href="/benefits.html" class="inactive">Benefits</a></li><li><a href="/best-practises.html" class="inactive">Best Practises</a></li><li><a href="/projects.html" class="inactive">Projects</a></li><li><a href="/who.html" class="inactive">Contact</a></li></ul></nav><div id="page"><div class="page"><p>Compilers are often written in the language they are compiling.
|
|
This creates a chicken-and-egg problem that leads users and distributors to rely on opaque, pre-built binaries of those compilers that they use to build newer versions of the compiler.</p><p>To gain trust in our computing platforms, we need to be able to tell how each part was produced from source.
|
|
We believe that opaque binaries are a threat to user security and user freedom since they are not auditable;
|
|
we believe the amount of bootstrap binaries should be minimized.</p><h2>Benefits</h2><p>This is nice, but what are the <em>actual</em> benefits of “bootstrappable” implementations?
|
|
<a href="benefits.html">Find out what additional benefits</a> there are to achieving bootstrappable builds.</p><h2>Best practises</h2><p>Are you developing or contributing to software that is affected by the bootstrapping problem?
|
|
Here we list <a href="best-practises.html">best practises and practical examples</a>
|
|
that can help you pull yourself up by your own bootstraps.</p><h2>Collaboration projects</h2><p>Solving bootstrapping problems in existing compilers and build systems requires collaboration.
|
|
Here is a <a href="projects.html">list of long-term high-impact projects</a>
|
|
that we would like to work on collaboratively.</p><p>More projects and status updates can be found <a href="https://bootstrapping.miraheze.org/">on the bootstrapping wiki</a>.</p><p>Join the <a href="who.html">mailing list</a> and/or the <a href="http://webchat.freenode.net?randomnick=1&channels=%23bootstrappable&uio=d4">IRC channel #bootstrappable</a> on freenode for news and communication!</p><h2>Further reading</h2><ul><li>Ken Thompson's acceptance speech for the 1983 Turing Award:
|
|
<a href="https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf">Reflections on trusting trust</a></li><li><a href="https://manishearth.github.io/blog/2016/12/02/reflections-on-rusting-trust/">Toy example of a subverted rust compiler</a></li><li><a href="https://www.quora.com/What-is-a-coders-worst-nightmare/answer/Mick-Stute">What is a coder's worst nightmare?</a></li><li><a href="http://blog.regehr.org/archives/1241">Defending Against Compiler-Based Backdoors</a></li><li><a href="https://www.alchemistowl.org/pocorgtfo/pocorgtfo08.pdf">Deniable Backdoors Using Compiler Bugs</a></li></ul></div></div><footer>Made with <span class="highlight">♥</span> by <a href="/who.html">humans</a> and powered by <a href="https://gnu.org/software/guile">GNU Guile</a>. <a href="http://git.savannah.gnu.org/cgit/guix/bootstrappable.git/">Source code</a> under the <a href="https://gnu.org/licenses/agpl-3.0.html">GNU AGPL</a>.</footer></body> |