Hacker News new | ask | show | jobs
by g-b-r 143 days ago
You're sure not vetting any byte of an executable, so building from source is safer.
1 comments
m-schuetz 142 days ago
Binaries or source, it's pretty much the same unless you thoroughly vet the entire source code. Malicious code isn't advertised and commented and found by looking at a couple of functions. It's carefully hidden and obfuscated.
link
g-b-r 142 days ago
That's

However much the code is hidden and obfuscated, some parts of the source code are going to be looked upon.

For a binary, none, ever, except in the extremely rare case that someone disassembles and analyzes one version of it.

The fact that open-source doesn't coincide with security doesn't mean that it isn't beneficial to security.

link