zlacker

1. outime+(OP) 2021-04-07 20:50:10
Even if you have access to up-to-date source code, it doesn't guarantee at all they'd be running a completely different version if they so wish. I mean, this has just happened, yet this question kind of implies you'd still trust such an entity to run the server from the source code you have access to. I hope this collective illusion dies already.
replies(1): >>thepti+Ly
2. thepti+Ly 2021-04-07 23:58:40
>>outime+(OP)
True, neither the absence of an identified vuln in published source code, nor the absence of published source code can guarantee that you don't have vulns. And sure, a bad-faith operator can always back-door the server and run different code.

But, a good-faith operator can find and fix bugs faster if they operate in the open and in collaboration with the community. "Given enough eyeballs, all bugs are shallow" etc.
