[HN Gopher] Running the "Reflections on Trusting Trust" Compiler...
       ___________________________________________________________________
        
       Running the "Reflections on Trusting Trust" Compiler (2023)
        
       Author : naves
       Score  : 108 points
       Date   : 2025-11-16 13:59 UTC (9 hours ago)
        
 (HTM) web link (research.swtch.com)
 (TXT) w3m dump (research.swtch.com)
        
       | EvanAnderson wrote:
       | (2023)
       | 
       | Discussion at the time:
       | https://news.ycombinator.com/item?id=38020792
        
       | riemannzeta wrote:
       | Reflections on Trusting "Reflections on Trusting Trust"?
        
       | Y_Y wrote:
       | Would be fun to see if an llm could produce this (assuming tfa
       | and other solutions weren't present in the training data).
        
       | kpcyrd wrote:
       | > Even when source is available, as in open source operating
       | systems like Linux, approximately no one checks that the
       | distributed binaries match the source code.
       | 
       | This was not the case in 2023 for Arch Linux[1] back when the
       | post was originally published, and is also not the case for
       | Debian[2] since 2024.
       | 
       | [1]: https://reproducible.archlinux.org/
       | 
       | [2]: https://reproduce.debian.net/
        
       | lrvick wrote:
       | My team and I built stagex as the first software build toolchain
       | that internally mandates 100% determinism and full source
       | bootstrapping. It is explicitly designed for supply chain
       | security to trust no single human or computer.
       | 
       | Also container native and soon to be LLVM native.
       | 
       | It is our best answer so far to the ROTT paper.
       | 
       | https://codeberg.org/stagex/stagex
        
       ___________________________________________________________________
       (page generated 2025-11-16 23:00 UTC)