Security Concern - Open Source Binaries

simplejack simplejack at mailinator.com
Mon Jun 8 00:33:02 CEST 2009


Is SourceForge (or any of the other repositories for open source software)
actually doing a compile and compare of uploaded source code to ensure that
uploaded binaries are legitimate?

I know, I know: I'm lazy. Why should the processing burden be centralized
vs. distributed, but having a central body actually signing off on the
legitimacy of the files they are sending would go a long way to reassuring
its users.
-- 
View this message in context: http://www.nabble.com/Security-Concern---Open-Source-Binaries-tp23916072p23916072.html
Sent from the GnuPG - User mailing list archive at Nabble.com.



