• rockSlayer@lemmy.world
      link
      fedilink
      arrow-up
      10
      arrow-down
      1
      ·
      edit-2
      8 months ago

      Bug fixes can be delayed for a security sweep. One of the quicker ways that come to mind is checking the hash between built from source and the tarball

      • Lung@lemmy.world
        link
        fedilink
        arrow-up
        13
        ·
        8 months ago

        The whole point here is that the build process was infiltrated - so you’d have to remake the build system yourself to compare, and that’s not a task that can be automated