How does one verify an app is running of its published code source? (lemmy.world)

submitted 2 years ago by [email protected] to c/[email protected]

22 comments fedilink hide all child comments

How can users confidently verify that a FOSS application is running from its published source code? Is there a easy way to check this, or is this based of checksum and hashes?

you are viewing a single comment's thread
view the rest of the comments

[-] [email protected] 25 points 2 years ago

F Droid is as close as you're going to get. They take open source projects and build them independently and then publish. So if you trust f Droid, then the code you get from f Droid is the right code, and the binary you get from Android is the right binary.

[-] [email protected] 6 points 2 years ago

Fdroid is great but OPs question is even more important then, installing an installer app without knowing its legitimacy could lead to many apps being infected.

[-] [email protected] 4 points 2 years ago

Sure, its about who you trust in this scenario. once you introduce a compiler it becomes unprovable. So what your threat model is, and who you can trust.

this post was submitted on 01 Sep 2023

74 points (98.7% liked)

Open Source

37727 readers

50 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

[email protected]