Re: How to reduce our vulnerability from self-hosted compilers
From: Federico Beffa
Subject: Re: How to reduce our vulnerability from self-hosted compilers
Date: Fri, 27 Feb 2015 12:25:53 +0100

address@hidden (Ludovic Courtès) writes:

> I think it’s a good idea, but I wonder if it is generally applicable.
>
> For instance, ISTR that GHC can be built with a couple of older versions
> whereas MIT Scheme may well require itself. What exactly is possible is
> not always well-documented and sometimes only known to few people.

For GHC (at least currently) it is well documented, see
https://ghc.haskell.org/trac/ghc/wiki/Building/Preparation/Tools

In principle I agree with Mark's suggestion. However, I have a couple of
comments.

My intention was to build GHC and get rid of the required GHC bootstrap
binary from GUIX altogether. With the current patch the store doesn't
need to include the bootstrap binaries which, when uncompressed,
require 940MB! The compressed bootstrap binary archive is "only" 68MB.
(I'm thinking about download time here. But maybe we could force a local
"build" as discussed for TeXLive.)

The other point is: given that we know the hash of the tar file, if
somebody manages to hack them, we will detect it.

Regards,
Fede