You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
when manually looking at the forked repo of adlplug https://github.com/studiorack/adlplug there are no commits related to the build of the project, just a release, so again I dont see a way to verify the build is a good one or malicious
the lack of transparency regarding the origin of the builds/binaries is a big red flag. you are basically incentivizing users to download and run random binaries that they have no way to verify to not be malicious.
we need reproducible builds, with publicly visible logs for them.
kmturley
changed the title
reproducible builds, with publicly visible logs for them.
Reproducible builds, with publicly visible logs for them.
Sep 11, 2024
when manually looking at the forked repo of adlplug https://github.com/studiorack/adlplug there are no commits related to the build of the project, just a release, so again I dont see a way to verify the build is a good one or malicious
the lack of transparency regarding the origin of the builds/binaries is a big red flag. you are basically incentivizing users to download and run random binaries that they have no way to verify to not be malicious.
we need reproducible builds, with publicly visible logs for them.
DISTRHO/Cardinal#653
The text was updated successfully, but these errors were encountered: