Auditing Open Source Security Apps
Hi HN, there's been a few posts about auditing OSS security/encryption apps.
I'm wondering though - how do we verify that the code we see on Github is the same code running live on a webserver?
Sure, you could ask for a "hash" but the webserver could fake it.
How do you prove what code is running on a remote machine?
I'm sure there's a proper name for this kind of problem..
1 comment
[ 4.4 ms ] story [ 15.3 ms ] threadhttp://www.gnu.org/licenses/agpl-3.0.html