"Paul H. Merrill" wrote:
> While CypherPunks tend to be a paranoid lot, they do not hold a candle
> to the level of paranoia that is considered Line of Duty by the
> Intel/CounterIntel Community. NSA has demonstrated a compiler that
> introduces backdoors and Trojan aspects while compiling clean source.
> (Purely for demonstration purposes, of course.)

which is why there's been an effort by Alan Cox and others to do some
kind of auditing on gcc, which is currently being taken up again as a
side project of the Linux Kernel Audit Project.

I'm following that effort, and I'll gladly forward any suggestions as to
how one can prove a given compiler binary to be clean without having to
rely on the compiler one used to compile it being clean (which would
only turn things in circles forever).