by antris 2197 days ago
If you go down that road, you can make this argument infinitely. Even if you verify your builds, you cannot know if the software you are using to check the build isn't compromised. Or if you check the software you use to check the build, you have to check the software doing that check and so on.

Nothing makes software automatically super-crazy-secure. Absolute security doesn't exist.

1 comments

You'd get close by doing all you mentioned, but also compiling and hosting the code and infrastructure yourself. This is not often feasible.
You'd still be trusting the compiler. However many layers of checks you do, there's always something you need to trust.