starman@programming.dev to Technology@lemmy.worldEnglish · edit-25 months agoActually, Winamp is not going Open Sourceprogramming.devimagemessage-square25fedilinkarrow-up19arrow-down10file-text
arrow-up19arrow-down1imageActually, Winamp is not going Open Sourceprogramming.devstarman@programming.dev to Technology@lemmy.worldEnglish · edit-25 months agomessage-square25fedilinkfile-text
minus-squaresorghum@sh.itjust.workslinkfedilinkEnglisharrow-up1·5 months agoI look at ‘source available’ software as the right to review the code yourself to ensure there’s no malicious behavior, not for community development.
minus-squarexavier666@lemm.eelinkfedilinkEnglisharrow-up1·5 months agoIs there any way to verify that the product in deployment is built from the same source? I’m guessing hash values but I still think it can be faked.
minus-squaresolrize@lemmy.worldlinkfedilinkEnglisharrow-up1·5 months agoYou mean if you build it yourself? I guess that is something, but it is still conceivable to sneak stuff in. Look at that xzlib backdoor from a few weeks ago.
I look at ‘source available’ software as the right to review the code yourself to ensure there’s no malicious behavior, not for community development.
Is there any way to verify that the product in deployment is built from the same source? I’m guessing hash values but I still think it can be faked.
You mean if you build it yourself? I guess that is something, but it is still conceivable to sneak stuff in. Look at that xzlib backdoor from a few weeks ago.