Hacker News
by
tom1337
10 days ago
But how can you verify that the prebuilt binaries aren’t compromised?
2 comments
voidUpdate
9 days ago
Out of interest, do you verify that every single binary file on your machine isn't compromised? All the packages coming from your package manager?
tom1337
9 days ago
I absolutely don't. I even sometimes use "curl | bash" to install new things on my machine because most of the time it's easy and I tend to trust the authors.
My point was just that I don't think moving to pre-built binaries solves this issue.
jcupitt
9 days ago
sharp downloads over https and checks the sha256 (I think?) of the archive.