On 09/18/2014 20:19, grarpamp wrote:
us, or anyone really, to take you seriously you need to*at minimum* post on your sites detailed instructions on how to reproduce the binaries you distribute from the sources you provide. That means any and all
Binaries from the unreputable source are a security risk, and shouldn't be used. No instructions can normally lead to reproducing of the binary-equivalent files. They should distribute the code that can be rebuilt.
It is the Windows culture to directly distribute binaries. This is the vector of propagation of viruses and trojans. Additionally, such executables from SF aren't signed, and can be subject to MITM attacks like Evilgrade https://github.com/infobyte/evilgrade.
Yuri -- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk