| General > General Technical Chat |
| Working From Home - Impacts of Coronavirus |
| << < (195/447) > >> |
| nctnico:
--- Quote from: paulca on April 27, 2020, 06:45:03 pm ---I think we should campaign strongly for a fully open sourced solution regardless of where it comes from. --- End quote --- That seems to be the general idea anyway. And people who are worried about governments sharing information: this already happens on a large scale. There are many treaties in place for this already. A Corona app is not going to add any new ability for governments. |
| PlainName:
--- Quote ---campaign strongly for a fully open sourced solution --- End quote --- The issues surrounding this have nothing to do with the source, open or closed. Being open source yet still having a central repository is still no-go. Closed source with no central would be OK if you didn't distrust the author. |
| bd139:
Open source doesn't make one shit of a difference for stuff deployed to a closed binary only app store. There's no guarantee that what is in the source repo wasn't patched before it got to the app store and you can't use reproducible builds in a closed source app store either AFAIK as the signing key would have to be disclosed. |
| nctnico:
--- Quote from: bd139 on April 27, 2020, 07:44:07 pm ---Open source doesn't make one shit of a difference for stuff deployed to a closed binary only app store. There's no guarantee that what is in the source repo wasn't patched before it got to the app store and you can't use reproducible builds in a closed source app store either AFAIK as the signing key would have to be disclosed. --- End quote --- Not true. You can do a compare between a build from an open source repository and the binary provided in the app-store. These have to be identical. |
| bd139:
In theory. It's not that easy though. The problem is mostly however that the binaries are signed at Apple's end so you can't side load them. To do that you require access to the signing key that apple hold. You don't have access to that signing key so you can't actually determine if what arrived at the app store and what is downloaded from the app store are the same build because of the nature of the distribution of keys in the keyspace. |
| Navigation |
| Message Index |
| Next page |
| Previous page |