zlacker

[parent] [thread] 2 comments
1. thepti+(OP)[view] [source] 2021-04-07 19:31:37
There's no concern about metadata leakage?
replies(1): >>outime+Gi
2. outime+Gi[view] [source] 2021-04-07 20:50:10
>>thepti+(OP)
Even if you have access to an up-to-date source code it doesn't guarantee at all they'd be running a completely different version if so they wish. I mean this have just happened yet this question kind of implies you'd still trust such entity to run the server from the source code you have access to. I hope this collective illusion dies already.
replies(1): >>thepti+rR
◧◩
3. thepti+rR[view] [source] [discussion] 2021-04-07 23:58:40
>>outime+Gi
True, neither the absence of an identified vuln in published source code, nor the absence of published source code can guarantee that you don't have vulns. And sure, a bad-faith operator can always back-door the server and run different code.

But, a good-faith operator can find and fix bugs faster if they operate in the open and in collaboration with the community. "Given enough eyeballs, all bugs are shallow" etc.

[go to top]