Hacker News new | past | comments | ask | show | jobs | submit login

So does this mean that we can put to rest the 'trusting trust' paradigm? As in, use 8cc to bootstrap our way into compiling gcc without using gcc?



Indeed, a small trusted compiler is part of the solution. There's still some subtlety in how you use it, though: http://www.dwheeler.com/trusting-trust/dissertation/html/whe...


Only if your version of the 8cc binary doesn't have GCC in it's compiler heritage, which it probably does.

The blog actually goes into this a bit, stating that the byte-value of '\n' never occurs in the source-code of 8cc. Instead, that value comes from gcc. It is entirely possible that gcc has the same property, eventually the source could be a hand-written compiler.

Really, to get around trusting trust, you need a compiler who's entire lineage you know (up to the hand-written compiler) and trust.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: