Hacker News
by decasia 4106 days ago
Neat question. I guess there are really two separate things a user could want to verify:

* the application isn't broken/still fulfills its API contract

* the application isn't compromised in a malicious way

As far as the first point goes, I wonder if it could be possible for users to run some sort of a test suite against the public API? Like a crowd-sourced test suite that verifies that production server behavior is still as advertised.

The second point I think can only be partially addressed by partial methods, since it's impossible to guarantee that some sneaky compromise hasn't happened. But you could allow outside auditing, let people have some form of read-only access to the directory tree that stores the code (if it's separate from the config), etc.