Threat model change: Trust in source code is insufficient. Compilers can be self-reproducing Trojans (Stage 1: source, Stage 2: compiler, Stage 3: compiler’s compiler), so trusted code requires compiler trust. Attackers can infect the compiler to produce trusted malicious code.  

Defense strategy: Compile the target compiler using a trusted external compiler (e.g., assembly language). This breaks the trust chain—ensuring the compiler’s compiler is trusted (e.g., a compiler written in assembly, whose source is verifiable), then use this trusted compiler to compile all code. For example, boot from a known-good medium (e.g., floppy) to compile the compiler, isolating the compiler from the OS.  

*Paranoid but rational: Verify the compiler’s compiler. If you trust the source, you trust the compiler; but if you trust the compiler, you trust the code. Break the chain with a trusted external compiler.*