203
Malicious Plugin in Pidgin (Chat Application)
(pidgin.im)
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Community icon from opensource.org, but we are not affiliated with them.
Without some sort of reproducible builds (which are really finnickey to actually get) this doesn't really help though. Adding some set of malicious patches before doing the binary release is trivial.
I agree that reproducible builds would be ideal and modifying binary releases is trivial, but any step forward is better than no review process at all.
There's no such thing as a perfect system. It's all about increasing the number of hoops for an attacker to jump through. This is at least a step in the right direction.
True. My point was more that it's an improvement, not really a broad solution.
You don't need reproducible builds. You can get by if you trust whoever compiled it, like your distro's maintainers or the pidgin developers.