Has the QubesOS project considered attacks on compilers in their threat modelling? Have they considered
employing Diverse Double-Compiling (DDC) to use two compilers (one of which has been reproducibly
built) to ensure source code matches the compiled machine code using two samples?
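The procedure named in the question, Diverse Double-Compiling, is small enough to show end to end. The following is an added toy model written for this thread, not code from the Qubes project or from the DDC paper: a compiler "binary" is Python text in bytes defining `compile_fn(src) -> bytes`, `run_binary()` executes it, and the name `SELF` is a simulation convenience (it stands in for the embedded copy of itself a real trojaned compiler would carry). The compiler sources, the trojaned binary and the trusted compiler `TRUSTED_T` are all constructed for the demo. It shows why merely rebuilding a compiler with itself proves nothing (a trojan regenerates itself) and how compiling the same source through an independent trusted compiler twice exposes the mismatch, which is also why every step has to be bit-for-bit reproducible first.

```python
import hashlib

# Source of compiler A, the compiler whose distributed binary we want to verify.
SOURCE_A = """\
# Toy compiler A (constructed for the example).
def compile_fn(src):
    # Honest translation: the "machine code" is simply the program text as bytes.
    return src.encode()
"""

# What an honest build of SOURCE_A yields: A applied to its own source.
HONEST_A = SOURCE_A.encode()

# A trojaned binary that claims to be built from SOURCE_A (constructed for the demo).
# It re-emits itself whenever it is asked to compile a compiler, and tags every other
# program with a marker line that stands in for a real payload.
TROJAN_A = b'''\
def compile_fn(src):
    if "def compile_fn" in src:
        return SELF                          # re-infect any compiler built with me
    return (src + "# planted\\n").encode()   # stand-in payload on ordinary programs
'''

# Independent trusted compiler T: a different implementation of the same language
# (it drops comment-only lines), built separately so it shares no code with A.
TRUSTED_T = b'''\
def compile_fn(src):
    kept = [line for line in src.splitlines() if not line.lstrip().startswith("#")]
    return ("\\n".join(kept) + "\\n").encode()
'''


def run_binary(binary: bytes):
    """Execute a toy compiler binary and return its compile function."""
    namespace = {"SELF": binary}            # simulation hook, see lead-in
    exec(binary.decode(), namespace)
    return namespace["compile_fn"]


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def self_regenerates(binary: bytes, source: str) -> bool:
    """Weak check: does the binary rebuild itself from its source?
    Necessary for DDC (the build must be reproducible), but a trojan passes it too."""
    return run_binary(binary)(source) == binary


def diverse_double_compile(trusted: bytes, source: str, claimed: bytes):
    """DDC: compile `source` with the trusted compiler T (stage 1), then compile
    `source` again with that stage-1 result (stage 2). Stage 2 is a build of A by a
    compiler that behaves as A's source says, so it must equal the claimed binary
    bit-for-bit. Returns (ok, stage2)."""
    stage1 = run_binary(trusted)(source)
    stage2 = run_binary(stage1)(source)
    return stage2 == claimed, stage2


def verify(label: str, claimed: bytes) -> dict:
    """Run both checks on a distributed binary and summarise the result."""
    ok, stage2 = diverse_double_compile(TRUSTED_T, SOURCE_A, claimed)
    return {
        "binary": label,
        "self_rebuild_matches": self_regenerates(claimed, SOURCE_A),
        "ddc_passes": ok,
        "claimed_sha256": sha256(claimed),
        "stage2_sha256": sha256(stage2),
    }


if __name__ == "__main__":
    for label, binary in (("honest A", HONEST_A), ("trojaned A", TROJAN_A)):
        for key, value in verify(label, binary).items():
            print(f"{key:>22}: {value}")
        print()
```

Both binaries pass the self-rebuild check, so that check alone cannot distinguish them; only the DDC comparison against the independent compiler fails for the trojaned one. The comparison is a plain equality on bytes, which is the practical reason marmarek's prerequisite matters: if a legitimate rebuild of the same source differs for unrelated reasons (timestamps, build paths, non-deterministic ordering), DDC cannot tell that noise apart from tampering.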
This would probably be a question for @marmarek.
Build security generally is something we care about, but before going through DDC, there are several prerequisite steps, including making all the packages reproducible in the first place - some already are, but not all.
Can deterministic builds take place more easily at the library dependency level, before inclusion into a package?