Has the QubesOS project considered attacks on compilers in their threat modelling? Have they considered
employing Diverse Double-Compiling (DDC) to use two compilers (one of which has been reproducibly
built) to ensure source code matches the compiled machine code using two samples?
Build security generally is something we care about, but before going through DDC, there are several prerequisite steps, including making all the packages reproducible in the first place - some already are, but not all.
can deterministic builds take place more easily at the library dependency level before inclusion into a package?