Bobinas P4G
  • Login

  • Public

    • Public
    • Groups
    • Popular
    • People

Conversation

Notices

  1. muesli (fribbledom@mastodon.social)'s status on Tuesday, 14-May-2019 22:56:38 UTC muesli muesli
    • Felipe M.

    @fmartingr

    Verifying the sources is a separate (yet connected) issue indeed, but it's useless if you don't know whether the sources you're verifying are the ones that have been packaged.

    As a developer you should never blindly trust any dependencies. If you depend on some code, you will inherit all its flaws and issues, as well. That's your responsibility.

    Luckily you're not alone and it's a collective process. The same needs be achieved for verifying build integrity.

    In conversation Tuesday, 14-May-2019 22:56:38 UTC from mastodon.social permalink

    Feeds

    • Activity Streams
    • RSS 2.0
    • Atom
    • Help
    • About
    • FAQ
    • Privacy
    • Source
    • Version
    • Contact

    Bobinas P4G is a social network. It runs on GNU social, version 2.0.1-beta0, available under the GNU Affero General Public License.

    Creative Commons Attribution 3.0 All Bobinas P4G content and data are available under the Creative Commons Attribution 3.0 license.