74
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 01 Sep 2023
74 points (98.7% liked)
Open Source
31184 readers
135 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
As the article/SO answer posted by cwagner tells you you effectively can't, because a "trojan" could be injected at many different levels and even self-compiling the source code depends on some compiler binary that you have to get from somewhere (build your own compiler, you tell me, but what do you use to compile THAT?).
In practice for most people the correct answer is "get the binary from your distributions normal repository". By using a given distribution you already implicitly trust that distribution (because if you don't, why use it?), so non-core software from their repository should also be considered trustworthy (at least in the sense that no additional trojans were introduced that aren't in the source).
That doesn't really help with Windows, though. There your best bet is to get a binary that's from as close to the original authors themselves. Ideally from their project home page themselves.
Thanks for the answer. I am a Linux user luckily ๐