by barkingcat
1802 days ago
I would expect there to be self-mutating code such that when the open source code is compiled with a particular compiler it activates a different code path (written into the compiler itself) such that the final resulting binary does not correspond to the source code if it were compiled with another compiler. And if this resulting binary is distributed, audits of the source code wouldn't catch these modifications.
2) The binary (or jar) can't lie about what it contains. Take it into an air gap and reverse engineer it, what's there is there. This includes compilers.
3) See poster's comment about the impracticality of stopping someone with the money, talent, skills, and patience of the NSA :)