GNU Mes 0.24 released
Orians, Jeremiah (DTMB)
OriansJ at michigan.gov
Mon May 9 20:22:21 UTC 2022
>> The common objection is: "you're building from source but you're not
>> gonna audit all that source code anyway, so why bother?" I think it's
>> akin to security by obscurity. That we collectively can and do fiddle
>> with all this code makes a practical difference; that this is all
>> transparent means that backdoors become harder to hide.
Well from root binaries to Gnu Mes (along with the extras such as sha256sum, ungz and untar) if printed on single sided paper at size 12 font would be only 171 pages.
So not that hard after all after that you can leverage sha256sums and chains of trust to do the rest
> I saw a project a while ago with an interesting approach that looks very interesting for tackling this problem: crowd-sourced, social code
> review:
> https://github.com/crev-dev/crev
Looks interesting
-Jeremiah
More information about the rb-general
mailing list