Ok so one of the benefits of FOSS is that it's not possible for devs to build in backdoors without the community noticing, right?
The thing is though that I don't download source code but packages already compiled by my distro's devs. So theoretically they could've altered the source code before compiling it.
Is the only way to be sure there are no backdoors in your OS/software built in by compiling everything yourself?
>>56305684
>The thing is though that I don't download source code but packages already compiled by my distro's devs. So theoretically they could've altered the source code before compiling it.
Yes
>Is the only way to be sure there are no backdoors in your OS/software built in by compiling everything yourself?
You can also check the signature. Open source projects generally sign their binaries with some hash, you could check that the binaries in the package you download match those hashes.
It's not 100% guaranteed, but you also don't have any guarantees that your compiler doesn't insert malicious code into what you compile. There's always a possibility to become more tinfoil than you already are.
>>56305684
what do they have to gain from putting backdoors in stuff?
the instant people found out, which would be easy, the devs would get fucked over
Your hardware isn't free.
Software runs on top of hardware.
Ergo free software alone does not make you free.
>>56305723
>You can also check the signature. Open source projects generally sign their binaries with some hash, you could check that the binaries in the package you download match those hashes.
Thanks for pointing this out
I'm not wearing a tinfoil hat yet, it's just something I've been wondering
>>56305725
idk, it would be easy for the NSA to secretly start their own distro
>the instant people found out, which would be easy, the devs would get fucked over
How could people find out?
>>56305766
Why isn't there a project that's developing free hardware?
>>56305839
>How could people find out?
compiling shit themselves and checking signatures as >>56305723 stated
>>56305839
because open source hardware is expensive to develop and underpowered
and you don't really get to do anything fun like play games made in the last decade
>>56305864
>compiling shit themselves and checking signatures as >>56305723 stated
Oh right, of course
Why is open source hardware underpowered?
>>56305913
because no one has the money for it
go find some open hardware projects and see how underfunded they are
it's like via except 10x worse
You can also build the packages yourself. Most distros make their packaging tools and package sources available for you to use yourself.
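The two checks suggested in the thread, comparing a downloaded package against a published checksum and against a local rebuild, as an added example that is not code from any poster. It assumes a `sha256sum`-style manifest whose own authenticity was already established (for example by its detached signature) and a reproducible build, since only then is a rebuild bit-identical; the file names and package bytes are constructed.

```python
import hashlib
import hmac
import string
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so a large package need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: 64 hex chars, then '  ' or ' *', then the name."""
    entries = {}
    for line in text.splitlines():
        digest, sep, name = line[:64], line[64:66], line[66:]
        is_hex = len(digest) == 64 and all(c in string.hexdigits for c in digest)
        if not is_hex or sep not in ("  ", " *") or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name] = digest.lower()
    return entries

def verify(path, manifest):
    """Return 'ok', 'mismatch' or 'unlisted' for one downloaded file."""
    expected = manifest.get(Path(path).name)
    if expected is None:
        return "unlisted"  # never treat a file the manifest omits as verified
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"

def matches_rebuild(downloaded, rebuilt):
    """True only if the distro binary is bit-identical to a local rebuild."""
    return hmac.compare_digest(sha256_file(downloaded), sha256_file(rebuilt))

def demo():
    """Run the checks on constructed sample bytes (not a real package)."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg, rebuilt = Path(tmp, "pkg.tar"), Path(tmp, "rebuilt.tar")
        data = b"constructed package bytes\n"
        pkg.write_bytes(data)
        rebuilt.write_bytes(data)
        manifest = parse_manifest(hashlib.sha256(data).hexdigest() + "  pkg.tar\n")
        results = [verify(pkg, manifest), matches_rebuild(pkg, rebuilt)]
        pkg.write_bytes(data + b"one altered byte")  # simulate a modified binary
        results += [verify(pkg, manifest), matches_rebuild(pkg, rebuilt),
                    verify(rebuilt, manifest)]
        return results
```

Calling `demo()` returns the outcome of each check in order; a `mismatch` or a failed rebuild comparison only shows that the bytes differ, not why.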