|
|
|
|
|
|
by nicce
798 days ago
|
|
|
If you install binary blob from the internet, you trust exactly one person and no way to verify if binary matches the source. If you build with cargo, you can at least verify that the current source matches the binary and the trust of the dependencies is decentralized, with many eyes on them. There are better ways, but these better ways just use different package managers.
The above is no different than any ”build from source” method. |
|
|