|
|
|
|
|
|
by kasey_junk
3732 days ago
|
|
|
I think the argument (one I'm not expert to make) is that the source may or may not be helpful to someone who is competent enough to validate a encrypted message application, but it is not what you need to verify. You must verify the binary because you cannot trust the source, so it is a basic skill of anyone who has the competency to validate an encrypted message application. Now, its possible, that the source along with repeatable builds make verifying the binary easier for someone with the skills necessary, but even with those things, they still have to verify the binary. |
|
|