How do we know that this is the software that they compile and ship?
We don't. Source disclosure is useless in this situation unless the
build process is somehow audited, or they ship source and whatever
else I need to build identical binaries to theirs, which I can then
compare and go "yes, these binaries are identical, ergo it's probable
that the sources we used are identical, ergo the source I audited and
found to be correct is probably what was used to build the production
binaries".

I'm sorry, but I see no reason to trust these companies implicitly; I
think they should be held to an extremely high standard of "guilty
until proven innocent". They have the ability to change the laws and
governments we live within. Any other object with this capability
(judges, politicians/etc) is generally made to go through a rigorous
process and/or when they make/change laws there are multiple checks
and balances (appeal courts, congress, the president's veto, the
queen's veto, etc.). With voting machines there appear to be no checks
and balances.
© 2008; SpywareUninstaller.com Group Project; All Rights Reserved.