Bootstrappable builds


	Benefits
	Best Practices
	Projects
	Contact

Do you know how to make yoghurt?  The first step is to add yoghurt to milk!  How can you build a compiler like GCC?  The first step is to get a compiler that can compile the compiler.
Compilers are often written in the language they are compiling.
           This creates a chicken-and-egg problem that leads users and distributors to rely on opaque, pre-built binaries of those compilers that they use to build newer versions of the compiler.
To gain trust in our computing platforms, we need to be able to tell how each part was produced from source.
           We believe that opaque binaries are a threat to user security and user freedom since they are not auditable;
           our goal is to minimize the amount of bootstrap binaries.
Benefits
This is nice, but what are the actual benefits of “bootstrappable” implementations?
           Find out what additional benefits there are to achieving bootstrappable builds.
Best practices
Are you developing or contributing to software that is affected by the bootstrapping problem?
           Here we list best practices and practical examples
           that can help you pull yourself up by your own bootstraps.
Collaboration projects
Solving bootstrapping problems in existing compilers and build systems requires collaboration.
           Here is a list of long-term high-impact projects
           that we would like to work on collaboratively.
More projects and status updates can be found on the bootstrapping wiki.
Join the mailing list and/or the IRC channel #bootstrappable on freenode for news and communication!
Further reading
	Ken Thompson's acceptance speech for the 1983 Turing Award:
                Reflections on trusting trust
	Toy example of a subverted rust compiler
	What is a coder's worst nightmare?
	Defending Against Compiler-Based Backdoors
	Deniable Backdoors Using Compiler Bugs



Made with ♥ by humans and powered by GNU Guile.  Source code under the GNU AGPL.