Hacker News new | ask | show | jobs
by bisRepetita 1495 days ago
Yes, but the website owner can change its source code at any time, and even serve differently JS for each user, puting the entire responsibility on the user shoulder to check the code behavior all the time.

It's not as demanding with an open source app with distributed source code and versioning.

So I don't understand the snark, and how it is helpful.
1 comments
httpsterio 1495 days ago
Same goes for open source builds, you have to either build it yourself or trust the supplied builds.
link
Hallucinaut 1495 days ago
Those aren't really the only two options though, are they? If you don't trust software you can run it air-gapped or in an internet-free sandbox.

Moreover good luck trying to verify that everything a website does on the server side is unchanged compared to a binary that's been built locally once.

link
pabs3 1494 days ago
It is also possible to trust anyone who has verified the build is reproducible:

https://reproducible-builds.org/

link
SemanticStrengh 1495 days ago
reproducible builds are a thing but yeah no easy solution out there for binary/code authenticity
link