zlacker

[return to "Notepad++ hijacked by state-sponsored actors"]
1. dabina+vf 2026-02-02 04:46:18
>>myster+(OP)
> With these changes and reinforcements, I believe the situation has been fully resolved. Fingers crossed.

I get that this is a difficult situation for a small developer, but ending with this line did not fill me with confidence that the problem is actually resolved and make me trust their software on my system.

2. the_fa+hg 2026-02-02 04:53:35
>>dabina+vf
That's the most honest assessment you can expect from any small-scale developer. What do you expect them to say or do? Their adversary is presumably a national intelligence agency of a superpower.

The odds may be better if you operate the way OpenSSH does: move slow, security first, architect everything to be very difficult to attack. But if you're building a text editor, it's not your mindset, and probably never will be.

3. xeroma+Oh 2026-02-02 05:10:03
>>the_fa+hg
Yup, the only way to combat this as a small-time dev would be to turn off auto updates and make people build from source.
4. m-schu+lj 2026-02-02 05:26:33
>>xeroma+Oh
Why would building from source be safer? Are you vetting every single line of third-party source code you compile and use?
5. g-b-r+1o 2026-02-02 06:22:41
>>m-schu+lj
You're sure not vetting any byte of an executable, so building from source is safer.
6. m-schu+FA 2026-02-02 08:47:28
>>g-b-r+1o
Binaries or source, it's pretty much the same unless you thoroughly vet the entire source code. Malicious code isn't advertised and commented and found by looking at a couple of functions. It's carefully hidden and obfuscated.
7. g-b-r+gE 2026-02-02 09:28:53
>>m-schu+FA
That's

However much the code is hidden and obfuscated, some parts of the source code are going to be looked upon.

For a binary, none, ever, except in the extremely rare case that someone disassembles and analyzes one version of it.

The fact that open-source doesn't coincide with security doesn't mean that it isn't beneficial to security.
