by rmbyrro
993 days ago
Wouldn't it be relatively trivial for someone to compile, compare checksums and call them out? It's more likely they'd introduce a security flaw that is hard to detect in the OSS code. If someone finds it, they'd just claim it was a security incident which is now fixed (and then they'd move to another masked flaw).

Generally not. Most software does not have reproducible builds, so the checksums would be unlikely to match.