kapilsinha | 1 year ago

Thanks for raising this. I hadn't anticipated this as a major concern. Is your main concern that you can't see the compiler code -- in which case would it help if the source were available? Or is it even more than that, that you want to ensure that your build outputs are untampered and verifiably produced by a (deterministic) compiler?

I wonder though, would you trust remote CI/CD servers or Intel's proprietary C++ compiler (https://news.ycombinator.com/item?id=12363973)?

CJefferson|1 year ago

Often during early development I don’t want to share my code with others. Obviously a compiler on my machine could make a secret internet connection, but I guess that would be noticed, and certainly couldn’t be later denied.

Can I be at all sure you aren’t keeping a copy of all source that is ever submitted to you?

Usually I eventually submit to GitHub, then CI occurs, and all is public. However, only getting fast building on CI doesn’t motivate me that much, I don’t care if I burn GitHub/Microsoft’s CPU cycles as much as I mind about my own :)

kapilsinha|1 year ago

Gotcha, I respect that. With a few privacy-minded devs like you, I have offered them a custom compiler toolchain (and happy to make the source available) that they can "self-host". If you are interested in trying it out, I'd be happy to get you set up.