From: ludo@gnu.org (Ludovic Courtès)
Subject: Re: Bootstrap binaries
Date: Sun, 28 Feb 2016 16:08:00 +0100
To: Jookia <166291@gmail.com>
Cc: guix-devel

Jookia <166291@gmail.com> wrote:

> On Sat, Feb 27, 2016 at 12:19:04AM +0100, Ludovic Courtès wrote:
>> I prefer to change those binaries as rarely as possible. Intuitively
>> (and unscientifically), it gives more confidence to keep using the same
>> old binaries wrt. Ken Thompson attacks.
>
> I'm not sure about that, if we could establish the binaries could be
> reproducibly built using the current bootstrap binaries it sounds like it could
> be fine. Having reproducible bootstrap binaries seems like something incredibly
> useful especially for packagers that for whatever reason want to verify that the
> binaries can be built with Guix before signing them.

We would have to update them every time we change GCC, Guile, Coreutils,
etc. or one of their dependencies, which sounds impractical or even
infeasible to me.

Ludo’.