[eatenbyagrue]

It's not completely accurate to say source code is useless. While I agree that it's not particularly useful to steal code with the aim of replicating functionality, security is another thing. All it takes is a few lines of rogue code slipped into your repo to, say, log everyone's personal info and send it to Estonia. (no offense to any Estonians on the board)

[risotto]

Oh, great call. The possibility of an unauthorized person injecting code could be disastrous.

Presumably, if you're security conscious, someone reviews all patches before they make it anywhere near shipping. But obviously that is not foolproof.

But then, what would happen if, say, someone went through the backdoor on github and patched a binary and modified the commit log to cover his tracks.

Hopefully git would fail loudly when you pull?

[turbinemonkey]

I have to think so -- you can patch binaries and modify commit logs all you want, but patches are still being applied in sequence, locally, when you pull. If the hashes don't match, boom.

But then, can those hashes be swapped out? We need hashes on the hashes! :-P