Embed Notice

@amszmidt @vagrantc @ekaitz_zarraga @loke how is shipping mysterious bootstrapping binaries to users not concerning regarding their freedom, especially given that Ken Thompson first became aware of the trusting attack via Air Force research?

This isn't to downplay the work of the free software movement, because this is a advancement of the free software movement. It strengthens and upholds all the advancements of the free software movement's past. But to assume that software freedom has existed in some static sense, rather than seeing software freedom as a continuous struggle towards the guarantee of freedom for *all* computer users, which will always remain a concern insofar as people are computing, I think is mistaken.

Bootstrappable builds advance users freedom significantly, and sets a higher standard of what qualifies as essential for ensuring your users freedom. Reproducible builds sets a new bar for how software should be distributed, and I do not believe that every software user needs to be taking the time to build their entire stack from source (but everyone who wants to should remain able to, of course). The combination is elegant and reasonable; one doesn't need to be a scientist to become confident in how things work after a bit of study. Delivering source code with a make script is subpar when the user has no means of auditing the compilers complete source.