Why it’s hard to trust software, but you mostly have to anyway

Two children pretended to be an adult in a trench coat. The author, ekr, discusses the challenge of trusting software vendors in today’s electronic world. From secure messaging apps to open source software, the issue of software provenance looms large. Code signing is touted as a solution, but it relies heavily on user diligence and can be easily circumvented by malicious actors. The author explores reviewable source code, reproducible builds, and binary transparency as ways to ensure software integrity without relying on blind trust in the vendor. The journey to true software provenance is complex, but essential in today’s digital landscape.

https://educatedguesswork.org/posts/ensuring-software-provenance/
