On Mon, Feb 3, 2025 at 12:51 PM Donald Whittemore via cctalk <cctalk@classiccmp.org> wrote:
> If I don’t have the code expertise or compiling capability how do I know
> the executable is safe?
>

How do you know a closed-source executable is safe? Hackers have installed vulnerabilities into closed-source software. As previously said, even if you have the code expertise and ability to re-compile, you're trusting your compiler. You seem to be looking for a guarantee that doesn't exist.

Now whether 1,000,000 eyeballs looking for bugs in open source code results in a "safer" end product, given that there are an arbitrary number of bad actors who can also look for vulnerabilities, is an issue of legitimate debate. Of course many of these are already looking through closed-source binaries for vulnerabilities.