Not just code quality but, when the product is derived from FOSS and you don't have reason to believe the vendor has ability to upstream bugdoors into the FOSS, significant benefits to the practicality of audit for bugdoors and unintentional added vulns.
Please think it through, someone you trust is giving you a binary and source code, but it's not reproducible. You're saying "I dOn'T hAvE tHe sOuRcE cOdE", I'm saying "They *gave* you the code, and you *wanted* to build it anyway? Why is the reproducibility important?"
-
-
I have thought this through and have already answered all these questions. It doesn't seem productive to keep repeating them.
-
You haven't answered the most important question. You have to build the code anyway, so why can't you just use the code *you* built? I'm asking because that's exactly what I do, and I want to know what the security threat to me is.
- 24 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

