Refresher on gcc port and the executables

[Frank Schima]

On Sep 11, 2013, at 8:18 AM, Lawrence Velázquez <larryv at macports.org> wrote:

> On Sep 11, 2013, at 6:22 AM, Tabitha McNerney <tabithamc at gmail.com> wrote:
> 
>> What's preventing Apple from having a third party independent audit of their developer tools (which MacPorts depends on, and the rest of the world also depends on for a wide range of apps either for OS X or iOS)? Seriously, how hard would this be and I can't imagine it being a terrible expense to Apple to do this and show the world that its compilers are trojan free.
> 
> What's preventing them from doing it? Probably nothing. I can't imagine that there's very much proprietary code involved; the Apple LLVM Compiler is basically Clang.
> 
> Why aren't they doing it? Because no one is clamoring for it. From a practical perspective, why waste time and money on something no one's asking for?

Furthermore, Apple cannot pay for a 3rd party "independent" audit because people will accuse them of being biased. It would have to be truly independent of Apple and paid for by 3rd parties. Much like the FIPS 140-2 certification process [1] [2] is now. 


Cheers!
Frank

[1] <http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm>
[2] <http://en.wikipedia.org/wiki/FIPS_140-2>