Alexander Burger <a...@software-lab.de> writes:
> In case of pil21, where is the problem?

> llvm assembler to convert to machine code

  ^
  I think he is pointing here

> Do you seriously believe the libraries contain backdoors?

I don't think he said anything like that.

My understanding is that he said that llvm is not reasonably reviewable
and that it is under control of people with questionable reputation and
that it poses potentially serious risk which he does not want to take.

The problem with trust is that it is not transitive.  I might trust
Alex, Alex might trust llvm but that does not mean I trust llvm.

> They would be detected very quickly.

If you take the optimistic point of view, you can certainly ignore the
issue completely.

Detection can take years or decades if at all, then somebody needs to
find a way to fix it if there is a will to fix it at all and then
actually fix it and then make sure it does not happen again.

> The generated machine code and runtime behavior I debug and observe
> permanently.

Because you observe software does not mean it does not contain so far
unobserved behaviour.  Also iirc that famous C guy had a talk about
backdoors in compilers.  Interesting stuff.
