no, a security expert that gets the source code of an application to verify his organization should, in fact, use e.g. that e2e crypto messenger, does a build, build matches what's on app store, expert says "is OK", admins/users deploy/install now officially trusted software.
I'm not ignoring what you're saying. You're adding arbitrary restrictions, I asked "Can't you just use the binary you built?", No, apparently "It's not 1999, I can't build it, I need someone else to", "Why can't you use their binary?" "I don't trust them"...?!
I answered all of that. We can't use the binary we built, because we are not the end user, who depends on our audit, nor the vendor, with the power to upload a binary. 1/n
"why can't you use their binary", because the end user can't have trust that what was audited is identical to what has been downloaded in binary form 2/2
cd /usr/ports/foobar && make install That works well for most software. (BTW wow - this thread is still alive :-)