On Sunday 04 March 2012 12:12:19 Anonymous Remailer (austria) wrote: > > the reason is "you can download source code, look at it, make sure for > > yourself there's no backdoors, build your own ISO from source code" > > You can but nobody does. If the entire OpenBSD team can't finish a complete > audit of OpenBSD in one release cycle how long do you suppose it would take > one person to do that? Not very practical. > >
If someone thinks he has to audit the whole tree, he is not practical already. It is not difficult to get a trusted source rep and compare the downloaded source with that and investigate the differences if they think it is needed. If they don't even trust the source code on the DVD, they have bigger problems than just secure downloads.
