Hacker News
by rstuart4133 2238 days ago
There are two sides to trusting the covid-19 app. One is the technical side those people are commenting on. Technical deficiencies can be fixed, and more to the point will be fixed if you just keep shining some light on them as they are doing.

The other side is trusting the government to keep its promises. During this covid-19 crisis I do trust them, but in the longer term their record of keeping promises has been less than stellar. Frankly, keeping this app or any app of theirs installed over a few years on the basis of them promising not to misuse the data is downright foolish given their past history. Such promises tend to become null and void at the next election.

But right now we have no choice - it's either take them at their word, or don't install the app. Yes, we can do what the gang of four above have done and de-compile it, but that takes a huge amount of effort that has to be repeated every new release. That effort isn't going to continue. If it doesn't continue the light doesn't continue to shine on its technical deficiencies, and so they won't be fixed.

But - that can change with a few simple and cheap changes to the way the government does things. All they have to do is release the source to a public repository before they release the binary and have a reproducible build. Do that and lots of things become much easier. Checking what the commented source does as opposed to decompiled output is much easier, checking just the differences in source between one version and the next is much, much easier than checking the entire thing, using a reproducible build to allow you to check the source rather than decompiled output is very much easier. Do that, and the light on the technical deficiencies will stay on forever.

Implementing those inexpensive and straightforward things has another wonderful emergent property aside from the technical deficiencies being fixed: you suddenly don't have to trust the government, you can trust the code instead.

But no one seems to focus on changes to the overall process. Instead it's essentially nitpicking on how the app does things today. It's an unfortunate focus.
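
The reproducible-build check the comment describes, as an added example that is not part of the original comment or of any app's tooling: compare the released package against one rebuilt from the published source, entry by entry, ignoring signing data. It assumes a zip-based package with signatures under `META-INF/`; all file names and contents are constructed.

```python
import hashlib
import io
import zipfile

# Signing data legitimately differs between the vendor's release and a local
# rebuild, so it is excluded (assumption: signatures live under META-INF/).
SIGNATURE_PREFIX = "META-INF/"


def entry_digests(archive_bytes):
    """Map each non-signature entry name to the SHA-256 of its contents."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith(SIGNATURE_PREFIX):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_builds(released, rebuilt):
    """Return (only_in_release, only_in_rebuild, changed) as sorted name lists."""
    a, b = entry_digests(released), entry_digests(rebuilt)
    only_release = sorted(set(a) - set(b))
    only_rebuild = sorted(set(b) - set(a))
    changed = sorted(n for n in set(a) & set(b) if a[n] != b[n])
    return only_release, only_rebuild, changed


def make_archive(entries):
    """Build a constructed in-memory archive standing in for an app package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data, not taken from any real app.
SOURCE_BUILD = {"classes.dex": b"code-v1", "res/layout.xml": b"<ui/>"}
REBUILT = make_archive({**SOURCE_BUILD, "META-INF/CERT.RSA": b"local-sig"})
GOOD_RELEASE = make_archive({**SOURCE_BUILD, "META-INF/CERT.RSA": b"vendor-sig"})
BAD_RELEASE = make_archive({"classes.dex": b"code-v1+extra", "res/layout.xml": b"<ui/>",
                            "lib/extra.so": b"blob", "META-INF/CERT.RSA": b"vendor-sig"})

if __name__ == "__main__":
    print(compare_builds(GOOD_RELEASE, REBUILT))
    print(compare_builds(BAD_RELEASE, REBUILT))
```

Three empty lists mean the release contains exactly what the published source produces; any other result names the entries that would still need inspection.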