bofh wrote:
> At this point, it's probably a good idea to point out there's a paper
> called Trusting Trust about your everyday C compiler...
Yeah. It recently disappeared from the ACM's web site after 11+ years
of availability:
http://www.acm.org/classics/oct95/
There is, fortunately, the author's copy:
http://cm.bell-labs.com/who/ken/trust.html
There is an interesting follow up:
http://www.dwheeler.com/trusting-trust/
summary of the followup:
http://www.schneier.com/blog/archives/2006/01/countering_trus.html
The bottom line, however, is that having and using the source is not
optional.
Thus, patches are provided in OpenBSD as source...
But, starting from an initial set of some binaries is adequate for many
uses, just as long as we can make reasonably sure that those binaries
come from who they are supposed to / we expect them to.
The install process ought to be fairly clear about the origin,
authenticity and integrity of those initial binaries. No need to build
on more of a sand foundation than necessary.
-Lars
