
ulimn | 3 years ago

I'm genuinely curious: Do you check/audit the code you compile and run on your machine? Going with the assumption of "no": How is it then different than downloading a prebuilt version from an official source?

checkyoursudo | 3 years ago

I should say, I will run binaries on VMs and feel very little threat from doing so. The "with no exceptions" referred to the main host OS. I should have been more clear about that.

To answer your questions, oh hell no; definitely I do not audit source code myself. Though I have rarely. I do it this way, and it is different enough for me, because someone could audit the source in theory. If someone did audit and found a security problem, then I could check to see if my source was also compromised. If I install binaries, then I might not ever be able to know if my binary was compromised. Maybe someday if reproducible builds are guaranteed to be bit-perfect, then I would use binaries from reputable sources, but that would only happen in the case where third parties are compiling from source and affirming the reproduction. In that case, why not just compile it myself?

Developers who publish compromised source are going to get burned. Developers who publish compromised binaries are going to say, "omg we must have been compromised by someone else." Obviously it is possible for third parties to compromise source, but I'll go with what I see as the lesser threat.

If the cost of compiling was high, then that might make a difference. For me, the cost is negligible, which makes it a no-brainer for me.
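The two checks this comment leans on (comparing your local source against what auditors looked at, and a third party rebuilding from that source and confirming a bit-identical artifact) can be shown in a small script. The following is an added illustration, not code from anyone in the thread; the source tree, the "build" step (packing into a zip) and the timestamps are all constructed, and the reproducible variant simply fixes file metadata and ordering the way SOURCE_DATE_EPOCH-based builds do.

```python
import hashlib
import io
import zipfile

# Constructed sample source tree (path -> bytes); stands in for an unpacked tarball.
SOURCE_TREE = {
    "src/main.c": b"int main(void) { return 0; }\n",
    "Makefile": b"all:\n\tcc -o hello src/main.c\n",
}


def source_digest(tree):
    """Content hash of a source tree: sorted paths plus bytes, independent of
    mtimes and ownership, so two checkouts of the same code hash the same."""
    h = hashlib.sha256()
    for path in sorted(tree):
        data = tree[path]
        h.update(path.encode() + b"\0")
        h.update(len(data).to_bytes(8, "big"))
        h.update(data)
    return h.hexdigest()


def verify_source(tree, published_digest):
    """True if the local tree matches the digest the auditors/maintainers published."""
    return source_digest(tree) == published_digest


def build_naive(tree, build_time):
    """'Build' that stamps files with the wall-clock time (a 6-tuple, constructed):
    the output changes on every run, so nobody can confirm a rebuild."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in tree.items():
            zf.writestr(zipfile.ZipInfo(path, date_time=build_time), data)
    return buf.getvalue()


def build_reproducible(tree):
    """Same packaging with a fixed timestamp, fixed compression and sorted order,
    so every rebuild from the same source is byte-identical."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path in sorted(tree):
            zi = zipfile.ZipInfo(path, date_time=(1980, 1, 1, 0, 0, 0))
            zi.compress_type = zipfile.ZIP_STORED
            zf.writestr(zi, tree[path])
    return buf.getvalue()


def artifact_digest(blob):
    return hashlib.sha256(blob).hexdigest()


def independent_rebuild_matches(tree, published_artifact_digest, builder):
    """What a third-party rebuilder does: rebuild from the audited source with the
    given builder and compare against the digest of the published artifact."""
    return artifact_digest(builder(tree)) == published_artifact_digest


if __name__ == "__main__":
    print("source ok:", verify_source(SOURCE_TREE, source_digest(SOURCE_TREE)))
    a = build_naive(SOURCE_TREE, (2023, 1, 14, 10, 0, 0))
    b = build_naive(SOURCE_TREE, (2023, 1, 14, 10, 5, 0))
    print("naive builds identical:", artifact_digest(a) == artifact_digest(b))
    published = artifact_digest(build_reproducible(SOURCE_TREE))
    print("reproducible rebuild matches:",
          independent_rebuild_matches(SOURCE_TREE, published, build_reproducible))
```

The point the script makes concrete: a content hash over the source lets you check that what you compiled is what was audited, but only a build whose metadata is pinned can be confirmed by someone else, since the naive build differs on every run even when the source is unchanged.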

luma | 3 years ago

It feels like a cargo cult approach to the problem. "I'm safe because I compile from source" is an absurd statement when a million LoC is involved.

kube-system | 3 years ago

The Linux kernel is much more than a million LoC. Closer to 30 million.

soheil | 3 years ago

I think for hardware level code and things like BIOS the only way is to trust the manufacturer. You could also trust the manufacturer but if they are not large enough to have fully vetted and trusted vendors then you're back to square one. So I think only in this sense it says something about the high degree of security of devices made by Apple.