Re: How to reduce our vulnerability from self-hosted compilers

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to reduce our vulnerability from self-hosted compilers

From:	Andreas Enge
Subject:	Re: How to reduce our vulnerability from self-hosted compilers
Date:	Fri, 27 Feb 2015 22:12:51 +0100
User-agent:	Mutt/1.5.23 (2014-03-12)

Hello,

your ideas sound good to me. As to Fede, it occurred to me that we would
not need to maintain our own bootstrap binaries as we do for the guix system.
Instead, we could add a fixed binary from upstream to the store (as a
separate, probably private, package) and use it to build the final package.
When updating to a newer version, we would keep the same binary bootstrap
package. This would be an easier way of achieving your first goal.

It would not, however, achieve your second goal, of creating new bootstrap
binaries with the old ones, if necessary, and to thus obtain a complete
"trust chain". But I think this would be the second step, and maybe too much
effort for not so much effect.

Let us implement the first step first, and then see where it leads us.

Andreas

[Prev in Thread]

Current Thread

[Next in Thread]

How to reduce our vulnerability from self-hosted compilers, Mark H Weaver, 2015/02/26
- Re: How to reduce our vulnerability from self-hosted compilers, Ludovic Courtès, 2015/02/27
  - Re: How to reduce our vulnerability from self-hosted compilers, Andreas Enge <=
- Re: How to reduce our vulnerability from self-hosted compilers, Federico Beffa, 2015/02/27

Prev by Date: Re: [PATCHES] Some cleanups for core-updates
Next by Date: Re: [PATCH] gnu: Add Scikit-learn.
Previous by thread: Re: How to reduce our vulnerability from self-hosted compilers
Next by thread: Re: How to reduce our vulnerability from self-hosted compilers
Index(es):
- Date
- Thread