> On Sunday 04 March 2012 12:12:19 Anonymous Remailer (austria) wrote: > > > the reason is "you can download source code, look at it, make sure for > > > yourself there's no backdoors, build your own ISO from source code" > > > > You can but nobody does. If the entire OpenBSD team can't finish a complete > > audit of OpenBSD in one release cycle how long do you suppose it would take > > one person to do that? Not very practical. > > > > > > If someone thinks he has to audit the whole tree, he is not practical > already. It is not difficult to get a trusted source rep and compare the > downloaded source with that and investigate the differences if they think > it is needed.
What is trusted? Until some trusted group or person audits the source and signs it there is nothing to compare anything to. > If they don't even trust the source code on the DVD, they have bigger > problems than just secure downloads. Agreed, just arguing against the absurd idea quoted at the top.