commit: 0c84954d9aa6c44556ca80bfc3d2492e8c57cd91
parent f069c7301da36def33004f9ca5abcc56794c65de
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Tue, 6 Dec 2022 13:15:10 +0100
notes/bootstrapping: Add some reasons
Diffstat:
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/notes/bootstrapping.shtml b/notes/bootstrapping.shtml
@@ -10,9 +10,23 @@
<h1>Bootstrapping</h1>
<ul>
<li><a href="https://bootstrappable.org/">Bootstrappable Builds</a></li>
- <li><a href="https://niconiconi.neocities.org/posts/ken-thompson-really-did-launch-his-trusting-trust-trojan-attack-in-real-life/">Ken Thompson Really Did Launch His "Trusting Trust" Trojan Attack in Real Life</a></li>
- <li><a href="https://manishearth.github.io/blog/2016/12/02/reflections-on-rusting-trust/">Reflections on Rusting Trust</a>: Proof of Concept, backdooring The One True Rust Compiler</li>
</ul>
+ <h2>Reasons</h2>
+ <dl>
+ <dt>Security</dt>
+ <dd>See <a href="https://niconiconi.neocities.org/posts/ken-thompson-really-did-launch-his-trusting-trust-trojan-attack-in-real-life/">Ken Thompson Really Did Launch His "Trusting Trust" Trojan Attack in Real Life</a>.
+ And <a href="https://manishearth.github.io/blog/2016/12/02/reflections-on-rusting-trust/">Reflections on Rusting Trust</a>: Proof of Concept, backdooring The One True Rust Compiler.
+ </dd>
+
+ <dt>Portability</dt>
+ <dd>Binary executables have much higher <a href="https://en.wikipedia.org/wiki/Software_rot">bitrot</a> than source code and keeping obsolete binary interfaces often means keeping known security issues.</dd>
+
+ <dt>Maintainability</dt>
+ <dd>By making sure someone else can actually continue maintaining the software, canonical versions or forks</dd>
+
+ <dt>Reproducibility's other side of the coin</dt>
+ <dd>One of <a href="https://reproducible-builds.org/">reproducibility</a>'s effect is allowing to audit source code instead of binaries, but said source code needs to be actually used.</dd>
+ </dl>
<h2>Tools</h2>
<ul>
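Review bot: The Security `<dd>` in the new Reasons list gives only two links (the second sentence starts with "And") and never states the reason itself. A one-sentence summary ahead of the links, saying what they demonstrate (per the link text, backdooring a compiler), would keep the entry meaningful if either URL rots. In the Maintainability `<dd>`, "By making sure someone else can actually continue maintaining the software, canonical versions or forks" is a fragment with no final period and no subject. Suggest a full sentence that says what bootstrapping makes sure of. In the last `<dd>`, "One of reproducibility's effect is allowing to audit" should read "One of reproducibility's effects is allowing source code to be audited".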