[liberationtech] Snakeoil and suspicious encryption services
Aymeric Vitte
vitteaymeric at gmail.com
Mon Jul 21 08:24:26 PDT 2014
I don't need to "read" that's exactly what I meant: you can trust a
compiled package only if you have compiled it yourself, and have
previously checked the complete code or have it audited, which is
unlikely for both in most of cases, but happens systematically with js
for the compilation phase, while the check of the code, which does not
depend on tons of libraries, is trivial.
Le 21/07/2014 15:57, Maxim Kammerer a écrit :
> On Mon, Jul 21, 2014 at 12:59 PM, Aymeric Vitte <vitteaymeric at gmail.com> wrote:
>> Unlike obscure elefantesque open source code that you don't even know what
>> it becomes when it gets compiled, it's trivial to see what it is doing.
> I suggest that you read about the process of just-in-time compilation,
> which is Javascript engine browser- and version-specific.
>
--
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
More information about the liberationtech
mailing list