
Open Source Software connection


Posted Nov 3, 2009 11:10 UTC (Tue) by sourcejedi (guest, #45153)
In reply to: Open Source Software connection by dwheeler
Parent article: Wheeler: Fully Countering Trusting Trust through Diverse Double-Compiling

Good point.

I was skeptical about this at first, having been seduced by the perfection of the original "Trusting trust" paper.

"Trusting trust" says you can't trust a single compiler, even if you have the source code. This work shows you can test a pair of compilers for trustworthiness - *provided* they are independent. (They may both be malicious, but you can tell if they are malicious in different ways)...

From where I'm standing, this doesn't automatically rule out that Ken Thompson has recursively back-doored every single compiler in modern use. It would require amazing foresight, but I don't like to rule it out. But what it does say is that if I can bootstrap a hack of a compiler by myself, however slow and sub-optimal it may be, I can then use it to test for back-doors in the current whiz-bang generation of compilers.


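The independence proviso discussed in the comment above can be seen in a toy model. This is an added example, not part of the original comment or of Wheeler's paper: a "binary" is reduced to three labels, and all names (`Binary`, `run_compiler`, `SRC_A`, `SRC_T`, the sample compilers) are assumptions made for illustration.

```python
from typing import NamedTuple

SRC_A = "source of compiler A (under test)"    # constructed labels, not real code
SRC_T = "source of compiler T (independent)"

class Binary(NamedTuple):
    logic: str       # source whose behaviour this executable implements
    emitted_by: str  # source of the compiler whose code generator wrote the bytes
    trojan: str      # source the hidden backdoor recognises; "" if clean

def run_compiler(compiler: Binary, source: str) -> Binary:
    """Toy model of running `compiler` on `source`."""
    # A subverted compiler re-inserts its backdoor only into the source it targets.
    carried = compiler.trojan if compiler.trojan == source else ""
    return Binary(logic=source, emitted_by=compiler.logic, trojan=carried)

def self_regenerates(c_a: Binary) -> bool:
    """Naive check: does A recompile its own source to itself?"""
    return run_compiler(c_a, SRC_A) == c_a

def ddc_passes(c_a: Binary, c_t: Binary) -> bool:
    """Diverse double-compiling: T builds A's source, the result builds it again."""
    stage1 = run_compiler(c_t, SRC_A)      # A's logic, T's code generation
    stage2 = run_compiler(stage1, SRC_A)   # A's logic, A's code generation
    return stage2 == c_a                   # models the bit-for-bit comparison

CLEAN_A = Binary(SRC_A, SRC_A, "")
BAD_A = Binary(SRC_A, SRC_A, SRC_A)                     # self-propagating backdoor
CLEAN_T = Binary(SRC_T, "hand bootstrap", "")
OTHER_BAD_T = Binary(SRC_T, "hand bootstrap", SRC_T)    # malicious in a different way
COLLUDING_T = Binary(SRC_T, "hand bootstrap", SRC_A)    # not independent of BAD_A

if __name__ == "__main__":
    for name, c_t in [("clean T", CLEAN_T), ("other-bad T", OTHER_BAD_T),
                      ("colluding T", COLLUDING_T)]:
        print(f"{name}: clean A passes={ddc_passes(CLEAN_A, c_t)}, "
              f"bad A passes={ddc_passes(BAD_A, c_t)}")
```

Both the clean and the backdoored A pass the naive self-recompilation check; only the second compiler tells them apart, and only when its own flaws do not target A's source.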


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds