undefined | Better HN

0 pointsknownjorbist4y ago0 comments

For anyone who hasn't read it:

https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...

0 comments

Are there any people working seriously on this? I'm aware of efforts for OCaml (http://gallium.inria.fr/~scherer/drafts/camlboot.pdf), but that's it.

LukeShu4y ago

https://dwheeler.com/trusting-trust/

'dwheeler is now the Linux Foundation's Director of Open Source Supply Chain Security.

pabs34y ago

The Bootstrappable Builds community (which camlboot is part of) are working on a lot of different efforts in this area. The main one is going from a small amount of machine code to an entire Linux distro, which is in-progress.

https://bootstrappable.org/ https://bootstrapping.miraheze.org/

kibwen4y ago

Here's the original resource on Diverse Double Compilation to counter Trusting Trust Attacks: https://dwheeler.com/trusting-trust/

Notably I know the Rust compiler has been verified in this way (or at least certain versions of it have been verified), but it shouldn't be hard to do the same for any language with multiple independent implementations.

j / k navigate · click thread line to collapse