Author: Chris Angelico
Created at: 2025-11-17 21:49
Number: 31
Clean content: Emma Smith: Rosuav: More seriously though: Rust has been a focus for a lot of controversy and risk, with massive open questions such as the impact of a potential Ken Thompson style compiler hack . Will CPython lose trust by becoming dependent on a single specific compiler that might be subject to such a hack? I’m not familiar with the risks you speak of. As David Hewitt points out, there is a work in progress implementation using gcc, so while there is currently one compiler, that will not remain the case. The risk, in short, is that rustc could easily include all kinds of code that isn’t obvious to an outside auditor. Ken Thompson demonstrated this using a hack that created a login back door; the same thing could infect a more modern system by secretly downgrading TLS in some way, making it possible for a third party to snoop supposedly-encrypted connections. Perhaps in the future this won’t be as much of a consideration, but that would be then, and this is now. Right now, how can we trust rust? How can we know that a Ken Thompson-style hack hasn’t already been done? How do we ensure that one won’t happen in the future? These are not merely academic questions. Python is a well-trusted language used extensively across the internet; if someone with a strong agenda decided to target it, it would be an absolute catastrophe, not least because of how insidious it would be.
