* Jan Nieuwenhuizen <jann...@gnu.org> [2021-04-08 16:43]: > Martin writes: > > > Maybe freedom in "free software" shouldn't require from the code to be > > open neither. Let's just blindly trust some saint developers who > > cannot even control their own binaries. Actually today we are closer > > and closer to that sad scenario like never before in the history, > > because in fact most of the open-source and GNU "free software" > > nowadays base on blackboxed binary seeds that cannot be verified by > > the users not even by the core developers. > > The bootstrappable project, GNU Mes and GNU Guix are working to fix that > > > https://guix.gnu.org/en/blog/2020/guix-further-reduces-bootstrap-seed-to-25/ > https://fosdem.org/2021/schedule/event/gnumes/
Janneke, that is probably most important step for GNU and free software in general. Once it becomes public enough and awareness is raised, many distributions will be nullified in terms of being fully free. I guess that Free System Distribution Guideliness will also need to be update when Guix gets its full bootstrap from source, so that every OS has to be bootstrapped from GNU Guix. Guix will become primary root distribution for every other distribution or otherwise they are not trusted. It does not mean that distributions are "secure" just because bootstrapping process exists, there is so much more work around that. It is very simple even to replicate the bootstrapping process and provide source from one malicious source, that is enough to corrupt the whole process for common users. However -- this does not exclude malicious codein various compilers, we still do not know if something is injected in a smart way. We still have to trust it. This is just one step forward to full inspection of the software. NSA, according to stories, has already ask Torvalds to inject backdoors. I don't think they will simply give up with their intentions. I have read it, and researching, but yet do not get how to start. I have downloaded stage0, is that the place to start? Jean