Auditing Open Source Security Apps

5 points by quantumpotato_ ↗ HN
Hi HN, there's been a few posts about auditing OSS security/encryption apps.

I'm wondering though - how do we verify that the code we see on Github is the same code running live on a webserver?

Sure, you could ask for a "hash" but the webserver could fake it.

How do you prove what code is running on a remote machine?

I'm sure there's a proper name for this kind of problem..

1 comment

[ 4.4 ms ] story [ 15.3 ms ] thread