« BackZig Reproduced Without Binariesjakstys.ltSubmitted by todsacerdoti a day ago
  • maxdamantus a day ago

    Thanks for addressing my concern! [0]

    Disclaimer: I don't know if my comment had anything to do with this post.

    On a more cynical note however, I guess this works because all of the other tools involved (eg, sha256sum, git, clang++, ... and maybe the OS and anything running under the same user) are not implemented in Zig, since if they were, they could be infected with the Ken Thompson Virus (referenced near the start of the article), affecting the checksum.

    [0] https://news.ycombinator.com/item?id=41364388

    • sevensor a day ago

      For me it’s equally about resilience as it is about trust. The more independent paths exist to a functioning software ecosystem, the better positioned we are to recover from disasters of all kinds that might fragment our software world: legal, technological, sociopolitical. Bootstrapping efforts really get at the root of the problem, so I’m always excited to see them.

    • sourcepluck a day ago

      Great! And wonderful to see people building off the excellent work by all the people involved in bootstrappability from the Guix world (the GNU Mes people, I suppose, in particular).

      • accelbred a day ago

        Nice! I was planning to try this at some point to bootstrap my environment, so nice to know its possible.

        • bjourne a day ago

          Why not use gnu cmp instead of sha256sum?

          • undefined a day ago
            [deleted]