Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/david_chisnall/statuses/114393211349275552">David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Friday, 25-Apr-2025 01:12:31 JST</a><a href="https://infosec.exchange/@david_chisnall" title="david_chisnall@infosec.exchange"><img src="https://gnusocial.jp/avatar/241214-48-20240302204654.webp" width="48" height="48" alt="David Chisnall (*Now with 50% more sarcasm!*)" style="position: absolute; left: 0; top: 0;">David Chisnall (*Now with 50% more sarcasm!*)</a><div><a href="https://hachyderm.io/@dalias/114393194972425847" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/31034" title="signalapp@mastodon.world">Signal</a></li><li><a href="https://gnusocial.jp/user/40873" title="dalias@hachyderm.io">Rich Felker</a></li><li><a href="https://gnusocial.jp/user/153731" title="guardianproject@social.librem.one">Guardian Project</a></li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias" rel="nofollow">@dalias</a> <a href="https://social.librem.one/@guardianproject" rel="nofollow">@guardianproject</a> <a href="https://mastodon.world/@signalapp" rel="nofollow">@signalapp</a> <a href="https://floss.social/@fdroidorg" rel="nofollow">@fdroidorg</a> </p><p>When you are making a claim of security as a result of being open source, the fact that that you allow someone else to provide a binary and then inject it into your final build is a problem.</p><p>I can only assume that you're arguing for the sake of arguing, rather than making a real point.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4792902#notice-9691479">In conversation</a><time datetime="2025-04-25T01:12:31+09:00" title="Friday, 25-Apr-2025 01:12:31 JST">about a month ago</time> <span>from <span><a href="https://infosec.exchange/@david_chisnall/114393211349275552" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@david_chisnall/114393211349275552">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Friday, 25-Apr-2025 01:12:31 JSTDavid Chisnall (*Now with 50% more sarcasm!*)
in reply to
@dalias @guardianproject @signalapp @fdroidorg
When you are making a claim of security as a result of being open source, the fact that that you allow someone else to provide a binary and then inject it into your final build is a problem.
I can only assume that you're arguing for the sake of arguing, rather than making a real point.
In conversationabout a month ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice