Can I trust downloading Python?

Chris Angelico rosuav at gmail.com
Sun Sep 8 12:39:09 EDT 2013


On Mon, Sep 9, 2013 at 2:08 AM, Charles Hottel <chottel at earthlink.net> wrote:
> I think this article is relevant although the code examples are not Python
> but C:
>
> http://cm.bell-labs.com/who/ken/trust.html

That is quite true, and yet not truly helpful here :) It's like
pointing out that we could be being fed false information, and then
suggesting that The Matrix is technically possible. Once you start
distrusting to that level, you become paranoid to a point that's
inappropriate to all but the most critical situations. I'd accept and
maybe even recommend that sort of paranoia if you're running a nuclear
power station, or an automated weapon system capable of firing
missiles that destroy the planet, or a bank that holds everyone's
money. For the average Joe, there's no point panicking.

Also: That hack works beautifully when there's precisely one C
compiler. In today's world, there are many (well known ones like gcc,
clang, MS Visual Studio (whatever the compiler from that is called),
and a bunch of lesser-known ones as well), and it's pretty easy to
just grab a different compiler and build. The chances that your code
will be falsely compiled by TWO compilers would have to be
infinitesimal, and you needn't stop at two. Since many people build
(to take one example) gcc from source, using an old version of gcc,
the hack would have to be propagated to all current gcc builds in some
way - you can't simply build once and install the binary as the
official C compiler, not in today's distributed society. (If you're
truly paranoid, you might believe that gcc has had the hack in it
since its inception. But some people build gcc using other compilers,
too.)

If you can't trust any code you didn't write yourself, you're left
with Rene Descartes' line "I think, therefore I am" - it's impossible
to prove anything else, since you can't trust your senses. So go
ahead! Distrust everything and use nothing. Or accept that, even if
you're the target of a huge conspiracy, it doesn't even matter,
because life still goes on :)

ChrisA


