Right, but because you have to trust the vendor anyway, they don't need to make the source/seeds public. For example, they could hire an auditor to verify and you can trust them that they're telling the truth, and you get the same benefit?
For example, you might trust a vendor to not provide you malicious software, but not trust they're not maliciously lying about how they produced that software? Can you see why I think that's a weak argument?
I think you're saying they might not be *lying*, they genuinely thought they had hired someone to check the integrity of their build server? I agree that is in the realm of things that could theoretically happen, but you agree it's a weak justification?
