[Mono-list] [OT] Bootstrapping CVS mono and mcs

Hellspong Martin martin.hellspong@softronic.se
Fri, 6 Sep 2002 13:17:02 +0200


> > Building the class libraries on linux is currectly a bit of a black 
> > art sue to the dependancies between the compiler and the runtime.

A bit off-topic perhaps, but still; 

"Reflections on Trusting Trust" (http://www.acm.org/classics/sep95/) is an
old (-84), but interesting article by Ken Thompson on the issue of the
"chicken and egg" problem of compilers written and compiled in their own
language, and goes on proving the possibility of inserting hard-to-detect
"trojans" in the compiler binary without them showing up in the compiler
source code, not even in the exact same source used to compile the binary!

Thompson: - "The moral is obvious. You can't trust code that you did not
totally create yourself. ... No amount of source-level verification or
scrutiny will protect you from using untrusted code."

It has interesting implications on the actual "openness" of open source,
which of course is totally off-topic on this list.

/Martin