Gentoo linux is actually based on non-free software: gcc

gentoo linux is actually based on non-free software: gcc.

the gcc source code isn't enough to compile gcc: you already need a precompiled gcc binary and there's no way to make that without gcc.

The CIA could easily infect that binary with a virus too. and guess what, it's used to build every program on your entire system. How do you know it's not putting keyloggers or backdoors into your music player etc.

tldr: If you use gentoo you depend on unaudited binaries that you got from "somewhere", theres no way to prove they aren't infected.

Other urls found in this thread:

phoronix.com/scan.php?page=news_item&px=MTE1OTg
youtube.com/watch?v=jskq3-lpQnE
twitter.com/NSFWRedditVideo

>he doesn't compile by hand

phoronix.com/scan.php?page=news_item&px=MTE1OTg

good luck buddy

then use musl or uclibc

>the gcc source isn't enough to compile GCC
Spotted someone who doesn't use gentoo and doesn't know about self-hosting compilers, which is gcc one of.

musl and ulibc are completely different things and have nothing to do with what OP shitposted about.

to compile gcc you need:

GCC BINARY + GCC SOURCE

you cant do it with just gcc source code

>gentoo linux is actually based on non-free software

nobody claims otherwise

>gcc

gcc *is* free software you dumb shit

>the gcc source code isn't enough to compile gcc: you already need a precompiled gcc binary and there's no way to make that without gcc.

yes yes the age old question of what came first, the program or the compiler, the answer is other compilers came first which bootstrapped compiling gcc until gcc was self hosting as points out

"b-but how did the first compilers come about?"; they were compiled by hand

nonfree (trusted) compiler > free source (gcc) > gcc binary > free source (gcc) > free gcc binary

auditing the final binary is as easy as having two or more different initial compilers where only one ever needs to be trusted insofar as they're not all infected with the exact same virus, otherwise none of them need to be trusted to produce a trusted final gcc binary

>The CIA could easily infect that binary with a virus too.

how are they going to do this, exactly? gcc from gentoo is going to be about as trusted as gcc from literally any other distro, and sources obtained through portage are all signed, so the only way to infect the local copy of gcc is through already having privileged access, and if they have local access why the fuck would they be interested in performing a niche complicated attack that is just as susceptible to a clean reinstall as literally anything else?

>How do you know it's not putting keyloggers or backdoors into your music player etc.

>how do I security audit, mom?

this is by far the dumbest interpretation of the chain of trust issue I've ever seen, I wish the mods would do something about the 12 year olds on the board

(as a note gentoo is more susceptible to type of attack but the attack is irrelevant if they need privileged access in the first place)

Typical Sup Forums user nowadays: falls for any meme, pretends to be a privacy purist and most importantly, doesn't have a single fucking clue of what he's talking about.

Glad there are still people like and or the board could easily be replaced with "screenfetch general" or some shit.

>no way to prove they aren't infected
Well, compile gcc with any other available compiler (there are many), then compile GCC again with the resulting binary from the previous step. Then, compare hashes of the resulting binary. Hashes should be the same, if they are, then gcc is uninfected. Unless, the CIA infected all compilers in the world. In which case, you could compile by hand and check the hash again.

name one person who actually does this
name one compiler which is actually capable of doing this

>Rehashing Trusting Trust

I once read something on the Gentoo wiki talking about this exact issue and how to "fix" it. Can't find the link now, though.

Well if you're REALLY concerned about this, you'd do it.
I don't see which of the discussed points a compiler wouldn't be able to do.

I want to do it

sure beats trying to figure out how to win in dorf fortrress

The binaries would be different
>unrelated: solve 6 fucking captchas before the "verify" because we control fucking everything and you can't avoid us

>name one compiler capable of doing this
Doing what? Compiling? All of them. Hashing? None of them.
Geez, it's like
>cut a loaf of bread, then measure it's thickness
>name one knife which is actually capable of measuring bread's thickness

They would if it is compiled with position independent code and/or stack randomization, I believe

>you need a compiler to compile source code
really made me think

Compiling gcc.

Lmao, gcc is just a program written in C. Therefore, any compiler capable of compiling C code is capable of compiling gcc.

nice b8

>grsec is gone
>more exploits in Linux than any other OS
Why would they need to backdoor GCC again?

so innocent...

more exploits FOUND AND FIXED than any other OS

>more exploits FOUND
Not a good indicator of the quality of the code.

it means more work is being put into making it secure

>it means more work is being put into making it secure
You mean like grsec going private?

grsecurity is for script kiddies and is totally irrelevant to this discussion

>grsecurity is for script kiddies
You're a fucking retard. grsec was the only thing that gave shitnux 20th century security.

I have a low opinion of Gentoo GNU/Linux.

Gentoo is a GNU/Linux distribution, but its developers don't recognize this; they call it "Gentoo Linux". That means they are treating me and the GNU Project disresepectfully.

More importantly, Gentoo steers the user towards nonfree programs, which is why it is not one of our recognized free distros.

youtube.com/watch?v=jskq3-lpQnE *autistic screetching*

no, GCC has a load of shit gnu extensions
GCC needs the extensions to build
you can only build GCC with GCC or clang