compiling from source is no different if you don’t have the time/inclination/knowledge to thoroughly vet it – and who does?
vet it, and your compiler, and the toolchain and all the libraries…
New conversation
... or anyone from https://reproducible-builds.org/ .
Yes, the many eyes idea is fallacious. But the track record of OSS vs. closed handling of security flaws begs to differ.
Your entire position is a big "goto fail".
End of conversation
New conversation
oh no, I always install via `curl | sudo bash`. It's the only way to be safe these days!
You can inspect compiled binaries, too. You have to do it for security-critical software anyways, even if you have the source code.
But people don't unless they're paid to. That's the lesson of Heartbleed and Shellshock.
This is nonsense. At the same time paid and non-paid folks have found dozens of other bugs.
New conversation
no. Signal being made by competent people, and audited and vetted by crypto experts, is the advantage
Also publicly recognizable & accountable devs. For all we know, same could be true of TrueCrypt, but there was no way to know
End of conversation