On Sat, Feb 27, 2016 at 12:19:04AM +0100, Ludovic Courtès wrote: > I prefer to change those binaries as rarely as possible. Intuitively > (and unscientifically), it gives more confidence to keep using the same > old binaries wrt. Ken Thompson attacks.
I'm not sure about that, if we could establish the binaries could be reproducibly built using the current bootstrap binaries it sounds like it could be fine. Having reproducible bootstrap binaries seems like something incredibly useful especially for packagers that for whatever reason want to verify that the binaries can be built with Guix before signing them. > Ludo’. Jookia.
