Comment by 3rodents
12 hours ago
By that standard, it can never be verified because what is running and what is reviewed could be different. Reviewing relevant elements is as meaningful as reviewing all the source code.
12 hours ago
By that standard, it can never be verified because what is running and what is reviewed could be different. Reviewing relevant elements is as meaningful as reviewing all the source code.
Or they could even take out the backdoor code and then put it back in after review.
This is why signal supports reproducible builds.
In this day and age, in a world with Docker and dev containers and such, it's kind of shocking that reproducible builds aren't table stakes.
Ah yes, the Volkswagen solution.
++1
"target market product alignment" :-D
Let’s be real: the standard is “Do we trust Meta?”
I don’t, and don’t see how it could possibly be construed to be logical to trust them.
I definitely trust a non-profit open source alternative a whole lot more. Perception can be different than reality but that’s what we’ve got to work with.