Hacker News new | past | comments | ask | show | jobs | submit login

Surely you aren't suggesting that a reasonable answer is to read the code yourself and compare it to a known version?

Obviously, the mainstream way is a hash-based file verification.

Which again, everybody needn't do - only a small number - in order to catch a bad actor in the act.

But I presume you are trying to make some bigger point. What is that?




It's not reasonable at all. But the only correct answer is reviewing the code yourself.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: