Security & Anonymous Software Build (2012-11-21 03:59 by Anonymous #66361)
Dear Anonymous Compiler,
How do I know this is a safe build?
Or how can I check this build for "unwanted extra creative code" added by ,... anyoneonymous developers?
1) Tenfourfox (TFF) is at least giving a sha1 to check (which gives a downloader the option to check if it has downloaded the software in the way the developer mend to be).
2) TFF builders are not anonymous, which helps a lot in the trusting process (not checking the code then),
and therefore also in persuading people to download and use the software (because I like the idea of this project you started).
Maybe an answer on this topic can make this project more interesting and make people download / use the build you made.
And I hope so,
RE: Security & Anonymous Software Build (2012-11-26 23:54 by t_mrc-ct #66449)
Security is very important for Mail client. I want to provide Thenfourbird more secure.
I provide SHA1 hash with OpenPGP signing since Tenfourbird 10.0.11 and 17.0.
More secure way is build it by yourself from changesets. If you carefully check the changesets code and apply them to the comm repository getting from https://hg.mozilla.org/ . It is more secure than downloading binary.
I know that anonymity causes the mistrust. But I love anonimity. So I want to keep anonymity.