
Re: oaklisp: contains 500kB binary in source

[Sorry about the long lines in my earlier post,
 thanks for wrapping them, Raul.]

Raul Miller wrote:
On Sun, Jun 13, 2004 at 04:17:29PM +0100, Marco Franzen wrote:

>> To understand what I mean, you may want to read Ken Thompson's old
>> article[0] on how to hide a Trojan Horse in a compiler without it being
>> present in its "source" at all - just provided you bootstrap it with a
>> given binary that already contains the Trojan Horse.

>> Unless/until it can be proved that the binary's behaviour is accurately
>> described by its (alleged) source, it is unclear whether its (true)
>> source is provided or missing. Erring on the side of caution, it would
>> need to be ruled non-free.

>> The source (with the bootstrap binary removed) could therefore be at
>> most contrib.

> How is this different from glibc?

>> Technically, you don't need a glibc binary to produce a glibc binary.
>> You can produce it on existing platforms (free and non-free ones) that
>> do not use glibc (and in whose ancestorship glibc was never used).
>
> Ok, I'm told it's possible to build glibc under bsd's libc, but are we
> doing that?

It does not need to be done on each build. The freeness issue goes away
(together with the related potential security problem), once it is
established that the alleged source is truly the source, in the sense
that it accurately describes the behaviour of the binary.

(The proof could even be allowed to use non-free tools where we can
trust them, and if it's only for a proof.)

> If oaklisp's binary can be built under some other
> lisp implementation, is that sufficient?

If an unrelated (and "trustworthy") lisp implementation produced the
same binary, then that would certainly be proof enough (possibly even
if the other lisp implementation was not free).

Alternatively, if the binary was produced by another lisp implementation
that has already been (correctly) proved to be free, that would also be
fine.

If producing the binary requires lots of arcane features that are not
present in any other lisp implementation, then, until an acceptable
bootstrap path is shown, that is a problem - for both freeness and
security.

> What does "bootstrap from scratch" mean?

I mean an "acceptable" bootstrap path. As Florian said earlier, it needs
to be decided on a case-by-case basis - with [0] in mind.

> Is it more important for oaklisp than glibc?

It is important for both. I could turn it around:
If glibc binaries really had viruses that were not in its source,
and if that could have been avoided by more painful bootstrapping,
would that mean clean oaklisp bootstrapping should not be required?

(Of course oaklisp would be the least of our problems then.)

[You snipped this, probably because it was in .sig position:]
>>[0] http://www.acm.org/classics/sep95/

Marco
