Remix.run Logo
cygx 2 hours ago

Sure - but running build scripts on an end-user's machine requires the user to have all relevant tools installed, and isn't exactly reducing the attack surface...

I still like the idea of shipping tarballs that include generated files instead of pulling input files from source control. As mentioned, the first thing that came to mind to make things easier to audit is to stick their contents into a community-controlled VCS.

g-b-r an hour ago | parent [-]

> Sure - but running build scripts on an end-user's machine requires the user to have all relevant tools installed, and isn't exactly reducing the attack surface...

Well, that's what building from source means; you could maybe distribute some compiled files for those who prefer them, and are willing to take the risk.

But you seem to be arguing that having users compile their software themselves doesn't increase their security?

> As mentioned, the first thing that came to mind to make things easier to audit is to stick their contents into a community-controlled VCS.

True