Originally posted by oiaohm
View Post
Originally posted by oiaohm
View Post
Do not quite understand the start over part. If the bootstrap process is established as audited, then you need to review only incremental changes to see that they do not do something unexpected.
Originally posted by oiaohm
View Post
In general, to implement such thing equals to implement an AI on its own. In point of fact, privileged programs like login or sudo are few and one can disassemble them on several platforms using several tools both free and commercial. These programs are simple enough to make sure they are not infected. Comparing to 80's today's disassemblers/decompilers can do miracles.
Back to Rust concerns. The complexity of reproducing GCC has grown up in natural way and there are no any artificial barriers to bootstrap it. Tools like cc/as/ld/make are all plain and standalone. While Rust "modern" approach does not anticipate that at all. Even if one manages to bootstrap compiler itself, it depends on Cargo indivisibly which may or may not download something from the web. And when you manage to cache these dependencies offline it is an unmanageable self-contained mess. It does not implicate any manageable and deterministic build process.
Their "it just works" and "trust us, we know better" approach is a direct opposite of their so bold claims like "reliable", "safe", ahem.. "truly open".
Comment