Martin via rb-general wrote on Sun, Dec 18, 2022 at 01:09:37 +0000: > In my opinion the biggest problem is that we are not able to audit and > verify any hardware implementation for this work so it cannot be > trusted at all. Controlling hardware is essential and it cannot be > replaced by virtualization unless it's based on some innovative > blockchain PoW-like crypto agnostic miners. Without at least one > wokring fully libre and formally verifiable hardware reference we are > doomed to fail.
We did write about that once: https://reproducible-builds.org/news/2019/04/01/reproducible-builds-twain-Intel-8086-audit-and-Berne-Convention-patches/ Cheers, Daniel (Don't miss the bold red text at the top.) > Moreover the very first linux was bootstrapped by > MINIX, the very first MINIX was bootstrapped by UNIX and ironically it > looks like UNIX was somehow bootstrapped by itself in 1970 (it's a > commercial not reproducible by design product anyway ;). After so many > years all kind of Free and Open-Source Software is still literally > prisoned by vendor-locked hardware, its obfuscated binary seeds and > problematic build environments(i.e. to bootstrap linux from hex0 in > practice you need to run it on linux anyway > https://github.com/fosslinux/live-bootstrap ). The long term > perspectives for Bootstrappable and Reproducible builds doesn't look > optimistic neither: > https://gist.github.com/DavidBuchanan314/a15e93eeaaad977a0fec3a6232c0b8ae > (sooner or later other checksums will be breaked as well). > > Cheers! Martin
