Bootstrappable builds

<!DOCTYPE html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="Content-Language" content="en" /><meta name="author" content="Ricardo Wurmus" /><meta name="viewport" content="width=device-width" /><title>Bootstrappable builds</title><link rel="stylesheet" media="screen" type="text/css" href="/css/reset.css" /><link rel="stylesheet" media="screen" type="text/css" href="/css/screen.css" /><link rel="shortcut icon" href="//" /></head><body id="top"><div id="banner"><img alt="A boot pulled up by its straps." src="/images/banner.svg" /></div><nav id="menu"><ul><li><a href="/benefits.html" class="inactive">Benefits</a></li><li><a href="/best-practices.html" class="inactive">Best Practices</a></li><li><a href="/projects.html" class="inactive">Projects</a></li><li><a href="/who.html" class="inactive">Contact</a></li></ul></nav><div id="page"><div class="page"><p>Do you know how to make yoghurt? The first step is to add yoghurt to milk! How can you build a compiler like <a href="">GCC</a>? The first step is to get a compiler that can compile the compiler.</p><p>Compilers are often written in the language they are compiling. This creates a chicken-and-egg problem that leads users and distributors to rely on opaque, pre-built binaries of those compilers that they use to build newer versions of the compiler.</p><p>To gain trust in our computing platforms, we need to be able to tell how each part was produced from source. We believe that opaque binaries are a threat to user security and user freedom since they are not auditable; our goal is to minimize the amount of bootstrap binaries.</p><h2>Benefits</h2><p>This is nice, but what are the <em>actual</em> benefits of “bootstrappable” implementations? <a href="benefits.html">Find out what additional benefits</a> there are to achieving bootstrappable builds.</p><h2>Best practices</h2><p>Are you developing or contributing to software that is affected by the bootstrapping problem? Here we list <a href="best-practices.html">best practices and practical examples</a> that can help you pull yourself up by your own bootstraps.</p><h2>Collaboration projects</h2><p>Solving bootstrapping problems in existing compilers and build systems requires collaboration. Here is a <a href="projects.html">list of long-term high-impact projects</a> that we would like to work on collaboratively.</p><p>More projects and status updates can be found <a href="">on the bootstrapping wiki</a>.</p><p>Join the <a href="who.html">mailing list</a> and/or the <a href=";channels=%23bootstrappable&amp;uio=d4">IRC channel #bootstrappable</a> on for news and communication!</p><h2>Further reading</h2><ul><li>Ken Thompson's acceptance speech for the 1983 Turing Award: <a href="">Reflections on trusting trust</a></li><li><a href="">Toy example of a subverted rust compiler</a></li><li><a href="">What is a coder's worst nightmare?</a></li><li><a href="">Defending Against Compiler-Based Backdoors</a></li><li><a href="">Deniable Backdoors Using Compiler Bugs</a></li></ul></div></div><footer>Made with <span class="highlight">♥</span> by <a href="/who.html">humans</a> and powered by <a href="">GNU Guile</a>. <a href="">Source code</a> under the <a href="">GNU AGPL</a>.</footer></body>

Pages: 1 2 3 4 5 6 7 8 9 10