Hacker News new | ask | show | jobs
by markjonsona989 993 days ago
How are they hurting western businesses by releasing OSS? We already have LibreOffice. What is the point of your comment?
1 comments
dingi 993 days ago
Sure, they are OSS but how do you know what goes into their binaries? Being open source does not imply that the binaries are not backdoored.
link
rmbyrro 993 days ago
Wouldn't it be relatively trivial for someone to compile, compare checksums and call them out?

It's more likely they'd introduce a security flaw that is hard to detect in the OSS code. If someone finds, they'd just claim it was a security incident which is now fixed (and then they'd move to another masked flaw).

link
nicoburns 993 days ago
> Wouldn't it be relatively trivial for someone to compile, compare checksums and call them out?

Generally not. Most software does not have reproducible builds, so the checksums would be unlikely to match.

link
robertlagrant 993 days ago
> Sure, they are OSS but how do you know what goes into their binaries? Being open source does not imply that the binaries are not backdoored.

Then build your own binaries. I'm sure the Russian government wouldn't struggle to do this.

link