zlacker

[parent] [thread] 6 comments
1. xeroma+(OP)[view] [source] 2026-02-02 05:10:03
Yup, the only way to combat this as a small-time dev would be to turn off auto-updates and make people build from source.
replies(2): >>tjwebb+11 >>m-schu+x1
2. tjwebb+11[view] [source] 2026-02-02 05:20:00
>>xeroma+(OP)
Yeah, `curl <url> | gcc` is much safer...
replies(1): >>trympe+V3
3. m-schu+x1[view] [source] 2026-02-02 05:26:33
>>xeroma+(OP)
Why would building from source be safer? Are you vetting every single line of third-party source code you compile and use?
replies(1): >>g-b-r+d6
4. trympe+V3[view] [source] [discussion] 2026-02-02 05:59:00
>>tjwebb+11
Security through... rarity? Maybe not for nation-state actors, though.
5. g-b-r+d6[view] [source] [discussion] 2026-02-02 06:22:41
>>m-schu+x1
You're sure not vetting any byte of an executable, so building from source is safer.
replies(1): >>m-schu+Ri
6. m-schu+Ri[view] [source] [discussion] 2026-02-02 08:47:28
>>g-b-r+d6
Binaries or source, it's pretty much the same unless you thoroughly vet the entire source code. Malicious code isn't advertised and commented and found by looking at a couple of functions. It's carefully hidden and obfuscated.
replies(1): >>g-b-r+sm
7. g-b-r+sm[view] [source] [discussion] 2026-02-02 09:28:53
>>m-schu+Ri
That's

However much the code is hidden and obfuscated, some parts of the source code are going to be looked at.

For a binary, none, ever, except in the extremely rare case that someone disassembles and analyzes one version of it.

The fact that open-source doesn't coincide with security doesn't mean that it isn't beneficial to security.
