On Fri, 2014-12-05 at 19:17 +0100, Andrey Gursky wrote:
> > b) everyone knows what's actually contained in that binary blob, since
> > it's built from open source code, and the build is (supposed to be)
> > reproducible.
>
> Yes, "supposed to be": "there are ongoing efforts to allow
> reproducible builds which will then allow verification of the blob."
> [1]

Even if it was reproducible (and I didn't manage to),... it wouldn't really help afterwards, once a system would have been compromised an attacker could have wiped all his traces.

I still think it's quite problematic that this slipped through, but even more problematic is IMHO the position of Mozilla which clearly had said goodbye to some important principles of FLOSS and freedom of users.

Cheers,
Chris.