Is SourceForge (or any of the other repositories for open source software) actually doing a compile and compare of uploaded source code to ensure that uploaded binaries are legitimate?
I know, I know: I'm lazy. Why should the processing burden be centralized vs. distributed? But having a central body actually signing off on the legitimacy of the files they are sending would go a long way toward reassuring its users.

_______________________________________________
Gnupg-users mailing list
http://lists.gnupg.org/mailman/listinfo/gnupg-users
