[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: GNU Mes 0.24 released
From: |
Orians, Jeremiah (DTMB) |
Subject: |
RE: GNU Mes 0.24 released |
Date: |
Mon, 9 May 2022 20:22:21 +0000 |
>> The common objection is: "you're building from source but you're not
>> gonna audit all that source code anyway, so why bother?" I think it's
>> akin to security by obscurity. That we collectively can and do fiddle
>> with all this code makes a practical difference; that this is all
>> transparent means that backdoors become harder to hide.
Well from root binaries to Gnu Mes (along with the extras such as sha256sum,
ungz and untar) if printed on single sided paper at size 12 font would be only
171 pages.
So not that hard after all after that you can leverage sha256sums and chains of
trust to do the rest
> I saw a project a while ago with an interesting approach that looks very
> interesting for tackling this problem: crowd-sourced, social code
> review:
> https://github.com/crev-dev/crev
Looks interesting
-Jeremiah