[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: How to reduce our vulnerability from self-hosted compilers
From: |
Ludovic Courtès |
Subject: |
Re: How to reduce our vulnerability from self-hosted compilers |
Date: |
Fri, 27 Feb 2015 11:49:30 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.4 (gnu/linux) |
Mark H Weaver <address@hidden> skribis:
> Instead, I would prefer to do something closer to what we do in our core
> bootstrap. We should produce our own bootstrap binaries for each of
> these self-hosted compilers. Like our GCC bootstrap binaries, these
> binaries should be updated very rarely. Then, we should use our own
> bootstrap binaries to build the latest version of any self-hosted
> compiler. In some cases, if the bootstrap binaries are too old to build
> the latest compiler, this might involve multiple steps.
>
> Just as we have recipes to produce bootstrap gcc and binutils, we should
> have recipes to build bootstrap binaries for each self-hosted compiler
> in our system. Each time we produce an updated bootstrap compiler from
> an earlier one, it should be done with our deterministic package such
> that this update step can be independently verified by anyone who wishes
> to do so.
>
> What do you think?
It think it’s a good idea, but I wonder if it is generally applicable.
For instance, ISTR that GHC can be built with a couple of older versions
whereas MIT Scheme may well require itself. What exactly is possible is
not always well-documented and sometimes only known to few people.
Maybe we should try to apply it to some of the cases that we have, and
see how well that works?
Thanks,
Ludo’.