From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: Publishing an Official Statement on Self-Hosted Compilers Date: Thu, 12 May 2016 12:05:36 +0200 Message-ID: <87zirs2y27.fsf@gnu.org> References: <1462459952.3184683.599099897.2F5459D9@webmail.messagingengine.com> <87zis37b14.fsf@gnu.org> <1462554829.3557989.600286737.0D1BE258@webmail.messagingengine.com> <874ma71vno.fsf@gnu.org> <1462839088.1794949.602935177.45787E29@webmail.messagingengine.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:40330) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b1g18-00071p-BP for guix-devel@gnu.org; Sat, 14 May 2016 16:18:35 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b1g16-0005Ws-5B for guix-devel@gnu.org; Sat, 14 May 2016 16:18:29 -0400 In-Reply-To: <1462839088.1794949.602935177.45787E29@webmail.messagingengine.com> (Alex Griffin's message of "Mon, 09 May 2016 19:11:28 -0500") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Alex Griffin Cc: guix-devel@gnu.org Hi! Alex Griffin skribis: > I've put my initial notes in a git repository > [here](https://gitlab.com/ajgrf/bootstrapping-compilers/blob/master/notes= .org). > They are in a very rough state, but mostly everything is there in some > form. If anyone has any thoughts please let me know!=20 I like it. :-) I think the bit about the =E2=80=9Ctrusting trust=E2=80=9D attack should go= under =E2=80=9CThe Problem=E2=80=9D. Specifically, I would suggest expounding on the software freedom bit (the fact that users must be provided with the Corresponding Source), and the reproducibility bit (allow people to build from source and to ensure the binaries correspond to the source), and then on security (=E2=80=9Ctrusting trust=E2=80=9D.) WDYT? We should then discuss it with the repro-builds folks, and probably contact a bunch of compiler writers to get initial feedback. Thanks, Ludo=E2=80=99. PS: I would suggest wrapping lines in notes.org, which would make it easier to read IMO, and also facilitate patch handling.