From mboxrd@z Thu Jan 1 00:00:00 1970 From: jeremiah@pdp10.guru Subject: Re: Preparing the reduced bootstrap tarballs Date: Tue, 20 Nov 2018 00:26:59 +0000 Message-ID: <877eh81tm4.fsf@ITSx01.pdp10.guru> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:33044) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gOtsl-0006Af-EA for guix-devel@gnu.org; Mon, 19 Nov 2018 19:27:12 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gOtsg-0002rE-F7 for guix-devel@gnu.org; Mon, 19 Nov 2018 19:27:11 -0500 Received: from itsx01.pdp10.guru ([74.207.247.251]:38486 helo=itsx01) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gOtse-0002kk-AD for guix-devel@gnu.org; Mon, 19 Nov 2018 19:27:04 -0500 List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: g@xelera.eu, guix-devel@gnu.org > so, if I don't get it wrong, every skilled engineer will be able to > build an "almost analogic" (zero bit of software preloaded) computing > machine ad use stage0/mes [1] as the "metre" [2] to calibrate all other > computing machines (thanks to reproducible builds)? well, I haven't thought of it in those terms but yes I guess that is one of the properties of the plan. > the first bit of code have to be "manually" introduced in the machine, > right? Correct, otherwise you'll have to deal with firmware/bios as a trust vector to be concerned about. > for the lazyer like me, what about a punched card? :-) If someone is willing to figure out how to read a deck of punched cards without software, I'd be interested in learning more. > I didn't know about Nexus Intruder attacks: could you please give me > some links to the relevant bibliography? I'll see if I can dig those up for you. > so, having the scientific proof that binary conforms to source, there > will be noo need to trust (the untrastable) Well, that is what someone else could do with it but not a direct goal of the work. -Jeremiah