How Can You Tell Whether Open-Sourced Programs Are Actually Open-Sourced
#9
(03-17-2021, 03:17 PM)InfinityDark Wrote:
(03-16-2021, 09:35 AM)enmafia2 Wrote: If it is open source you can always compile the software yourself.
Also, what you are proposing is not a stupid idea. It has happened in the past, for example with Linux Mint:
https://www.ghacks.net/2016/02/21/linux-...mpromised/

When downloading these types of things, usually hashes are provided. These hashes will tell you if you have a good copy of the ISO and not one which has been tampered with.

What I am not sure about is if the hash you produce after compiling the software should be the same as the one they provide. If someone knows this please tell me.
Looks like I'll be compiling the software myself now.


The problem is that, if you don't trust the publisher with the content of their program, why would you trust them with the hash?
They could give you the right hash; it doesn't mean that the program is clean. Even if it is open source.
Yeah, compiling ourselves is better, but let's be real for a moment: no one will go through hundreds of thousands of lines of code before compiling, so, in the end, you just trust the publisher.

Open source is better, but it doesn't mean that the code is clean, and you will probably not go through all the code to verify it, so there's always a part of trust.
Avoid the bad open source programs that have already been analyzed by other people, and only compile code from people you trust.

Or, if the length of the program permits it, review it yourself.
But keep in mind that it is not because a piece of software has its code on GitHub that you can trust it.


Messages In This Thread
RE: How Can You Tell Whether Open-Sourced Programs Are Actually Open-Sourced - by Wipe_TS - 03-20-2021, 07:00 AM
