[zapps-wg] Cut-off date for Powers of Tau Contributions
Peter Todd
pete at petertodd.org
Fri Mar 9 13:06:17 EST 2018
On Fri, Mar 09, 2018 at 04:49:37PM +0000, Devrandom wrote:
> Hi all,
>
> I have some concerns about the lack of diversity of contributions:
>
> - most (all?) of the contributions used a distributed Rust toolchain, which
> suffers from the "trusting-trust" issue since they are self-compiled. I
> don't think I've seen any contributions using the mrustc build path.
> - there were very few contributions (two?) using the golang implementation
> - no attempt has been made to replicate the deterministic golang build
> - people did not capture the binary they used, so we can't do forensics in
> case of future questions
> - there were no contributions using alternative processor architectures
> (e.g. ARM64). I believe this is possible using the golang implementation.
> - there was a lot of focus on destroying toxic waste and not enough on the
> trustworthiness of the tools
I agree with all these points, particularly the latter: we should be focused on
genuine security, not flashy marketing stunts. (indeed, I regret the way my own
participation was marketted the last time around)
--
https://petertodd.org 'peter'[:-1]@petertodd.org
Type: application/pgp-signature
Size: 614 bytes
Desc: Digital signature
URL: </pipermail/zapps-wg/attachments/20180309/98eaae54/attachment.sig>
More information about the zapps-wg
mailing list