* Martin <smar...@disroot.org> [2021-04-05 20:19]:

> In general it doesn't make sense to make any "free software"
> development if you cannot trust your compiler. You cannot trust your
> source code if it produces different binaries in the same dev
> environment. This is the basic and once it's established then you
> can play with any "controlled randomization" ideas on top of it.

Yes Martin, that is theory; look around the world, the practicality is
that for people it does make sense. They don't trust compilers, they
trust websites, not even people, as the majority of users do not know any
of the people behind OS distributions. That is the real world.

I do understand the striving for perfectionism, and there are projects
like Guix which strive to reach the point you are talking about. Maybe such
projects can become bootstrapping distributions for other
distributions which cannot or did not reach that far yet.

What does it mean "to trust" a compiler? We already trust our compilers,
obviously. We have confidence, faith in compilers and the people making
them. Free software is insecure and we trust the people behind
distributions. We have only the freedom to verify it, though the largest
majority of users, including programmers, cannot possibly verify free
software on a system as it would take a lifetime. OpenBSD people have been
verifying the system for decades and they still have not finished. It is
a never-ending story.

Maybe you wish to say we have to control the compiler, but the compiler is
huge; not even compiler developers can know everything that is inside,
they always find some new problems to solve.

Developers are solving issues:
https://gcc.gnu.org/bugzilla/buglist.cgi?chfield=%5BBug%20creation%5D&chfieldfrom=24h

Insecurities: https://www.cvedetails.com/product/960/GNU-GCC.html?vendor_id=72

To use free software we have to rely on it being safe and coming from
trusted sources. It can still be that we discover backdoors after
years, just as with Minix OS in Intel chips that could be used for
backdoors and intrusion into computer operations.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

Sign an open letter in support of Richard M. Stallman
https://rms-support-letter.github.io/

