> Simple but not 100% foolproof, you can mutate your source code and verify the ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

yjftsjthsd-h on April 7, 2021 | parent | context | favorite | on: Signal Server code on GitHub is up to date again

> Simple but not 100% foolproof, you can mutate your source code and verify the changes propagate.

If I was evil, I wouldn't have a totally separate source tree and binary that I shipped; I'd have my CI process inject a patch file. As a result, everything would work as expected - including getting any changes from the public source code - but the created binaries would be backdoored.

tlarkworthy on April 7, 2021 | [–]

Yeah I can fix this with work but just getting some users would be helpful first

pluies on April 7, 2021 | [–]

https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref... :)

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact