• bacon_pdp@lemmy.world
    3 days ago

    Funny, they were handed a secure bootstrap thanks to GNU Guix and stage0; yet choose not to just rebootstrap their shit from trusted source code.

    • PhilipTheBucket@quokk.auOP
      3 days ago

      Boots into secure bootstrap

      npm install

      I’m not sure that the Ken Thompson type of backdoor is even on the radar as an urgent enough threat to be worth worrying about at this point. I mean, it’s fine, but the boot-i-est of bootstraps at this point is the network hardware that’s running the network you are trying to secure, and most of it is riddled with holes which are likely to largely undo whatever you’re trying to do, sad to say.

      • bacon_pdp@lemmy.world
        3 days ago

        It only takes one secure system to set up a secure network if one physically has control over the hardware; fiber optic cables need only be trusted to carry encrypted data and be monitored for physical tampering.