starman@programming.dev to Technology@lemmy.worldEnglish · edit-21 年前Actually, Winamp is not going Open Sourceprogramming.devimagemessage-square98linkfedilinkarrow-up1666arrow-down110file-text
arrow-up1656arrow-down1imageActually, Winamp is not going Open Sourceprogramming.devstarman@programming.dev to Technology@lemmy.worldEnglish · edit-21 年前message-square98linkfedilinkfile-text
minus-squaresorghumlinkfedilinkEnglisharrow-up21·1 年前I look at ‘source available’ software as the right to review the code yourself to ensure there’s no malicious behavior, not for community development.
minus-squaresolrize@lemmy.worldlinkfedilinkEnglisharrow-up7arrow-down2·1 年前You mean if you build it yourself? I guess that is something, but it is still conceivable to sneak stuff in. Look at that xzlib backdoor from a few weeks ago.
minus-squarexavier666@lemm.eelinkfedilinkEnglisharrow-up1·1 年前Is there any way to verify that the product in deployment is built from the same source? I’m guessing hash values but I still think it can be faked.
I look at ‘source available’ software as the right to review the code yourself to ensure there’s no malicious behavior, not for community development.
You mean if you build it yourself? I guess that is something, but it is still conceivable to sneak stuff in. Look at that xzlib backdoor from a few weeks ago.
Is there any way to verify that the product in deployment is built from the same source? I’m guessing hash values but I still think it can be faked.