On Tue, Sep 16, 2014 at 11:27 PM, Mark H Weaver <mhw@netris.org> wrote:

Ian Grant <ian.a.n.grant-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> writes:

Are you suggesting that we compile our Scheme code to C, include that
in our distribution, and then users would start by compiling that
(non-source) C code? If so, I'm surprised to hear you suggest that,
given your concern over Thompson viruses (which I share, incidentally).
A Thompson virus could be hiding in this intermediate C code that would
be very hard to audit.

Tell me, how did you compile your OS kernel and your glibc, ld.so, ld, as and gcc binaries?

You don't seem to understand the problem: a "Thompson virus" is not hard to audit, it is _impossible_ to audit, because it's _invisible_. The method I explain in that document will allow us to know that there is very probably not a "Thompson virus" anywhere in the system.

I, for one, am very glad that unlike many self-hosting compilers, Guile
is bootstrapped entirely from source code, with just one exception:
psyntax-pp.scm is generated from psyntax.scm, but it's fairly close to
the source code and quite readable. Incidentally, I put a great deal of
effort into making sure it was readable.

I can assure you that Guile is most certainly not bootstrapped entirely from source code. If you had understood any of the discussion about the problem you would know that there is not one single line of GNU source that has ever been bootstrapped from source code.

> See the thunder.pdf I sent when I first proposed this idea:
>
> http://lists.gnu.org/archive/html/guile-devel/2014-08/msg00064.html

If you want me to read it, can you please email it as plain text?

No: because If you can't read a PDF then you can't read _any_ of the research papers you need to be able to read in order to stand the slightest chance of doing a decent job of developing any kind of software at all.

Ian