Chris Tyler chris@tylers.info writes:
I must point out an error here: Ken Thompson proved that auditing source code (of software and the toolchain used to build it) is meaningless in his paper "Reflections on Trusting Trust".
That’s why it’s important to have trustable tools and reproducible builds. For trustable tools there’s ongoing work on a complete source bootstrap from an auditable source/binary hybrid all the way to a modern GNU system. See [1] and [2].
Reproducible builds guarantee that a given binary actually corresponds to source code. Having both of these properties does allow us to reason about the properties of our binaries.
[1] https://savannah.nongnu.org/projects/stage0/ [2] https://www.gnu.org/software/mes/
-- Ricardo