| ▲ | g-b-r 2 hours ago | |
> Sure - but running build scripts on an end-user's machine requires the user to have all relevant tools installed, and isn't exactly reducing the attack surface... Well, that's what building from source means; you could maybe distribute some compiled files for those who prefer them, and are willing to take the risk. But you seem to be arguing that having users compile their software themselves doesn't increase their security? > As mentioned, the first thing that came to mind to make things easier to audit is to stick their contents into a community-controlled VCS. True | ||