* Martin <smar...@disroot.org> [2021-04-05 20:19]:
> In general it doesn't make sense to make any "free software"
> development if you cannot trust your compiler. You cannot trust your
> source code if it produces different binaries in the same dev
> environment. This is the basic and once it's established then you
> can play with any "controlled randomization" ideas on top of it.

Yes Martin, that is theory; look around the world, the practicality is that for people it does make sense. They don't trust compilers, they trust websites, not even people, as the majority of users do not know any people behind OS distributions. That is the real world.

I do understand the striving for perfectionism, and there are projects like Guix which strive to reach the point you are talking about. Maybe such projects can become bootstrapping distributions for other distributions which cannot or did not reach that far yet.

What does it mean "to trust" a compiler? We already trust our compilers, obviously. We have confidence, faith in compilers and the people making them.

Free software is insecure and we trust the people behind distributions. We have only the freedom to verify it, though the large majority of users, including programmers, cannot possibly verify free software on a system, as it would take a lifetime. OpenBSD people have been verifying the system for decades and they still have not finished. It is a never-ending story.

Maybe you wish to say we have to control the compiler, but the compiler is huge; not even compiler developers can know everything that is inside, they always find some new problems to solve.

Developers are solving issues:
https://gcc.gnu.org/bugzilla/buglist.cgi?chfield=%5BBug%20creation%5D&chfieldfrom=24h

Insecurities:
https://www.cvedetails.com/product/960/GNU-GCC.html?vendor_id=72

To use free software we have to rely on it being safe and coming from trusted sources. It can still be that we discover backdoors after years, just as with Minix OS in Intel chips that could be used for backdoors and intrusion into computer operations.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

Sign an open letter in support of Richard M. Stallman
https://rms-support-letter.github.io/