Why trust gpg4win?

Doug Barton dougb at dougbarton.us
Sun Sep 8 01:15:08 CEST 2013


On 08/22/2013 11:22 AM, Jasper den Ouden wrote:
> Compiling your own fixes the issue of the sources not corresponding
> to binaries.

Only if you're sophisticated enough to be able to understand the 
compiler itself, all of the libraries that are linked in, etc. etc. Even 
in open source software you compile yourself there are still a lot of 
attack vectors.

The real value of open source software is the community.

Doug



More information about the Gnupg-users mailing list