Quote:
Originally Posted by ixtab
Well, guess why I'm releasing only .bin files 
... just kidding. But it sure is a valid point.
Well, along with the "fully loaded" binary, you *could* release the source code for a version *without* the extra payload goodies, just to lure people into *thinking* it is safe and no need to recompile themselves.
Some years ago, the US military discovered that the standard C compiler distributed with Unix systems contained binary code that was NOT in its source code, even after compiling it yourself. Further study showed that the C compiler recognized when it compiled itself, and injected that extra payload into the next version. It had been this way since the early days. But the *real* payload was that it ALSO recognized when it was compiling the login application, and it inserted a secret backdoor login account and password that was not in the passwd file.
Some of the well-known "big names" in the Unix world had to apologize to the US military and promise to never do it again.
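A toy model of the self-propagating compiler payload described in the post above, with the check that exposes it (diverse double-compiling: rebuild the compiler from its source through an independent compiler and compare the result bit for bit). This is an added example, not code from the thread; the `Binary` class, the source strings and the `propagate`/`backdoor` labels are constructed for illustration, and builds are assumed to be deterministic.

```python
import hashlib
from dataclasses import dataclass

# Constructed toy sources; real compilers and login programs are far larger.
CC_SRC = "cc: translate source to machine code"
LOGIN_SRC = "login: check user against passwd file"
TRUSTED_SRC = "tcc: independent second compiler"

@dataclass(frozen=True)
class Binary:
    built_by: str                     # which compiler's code generator emitted the bits
    source: str                       # the program the bits implement
    hidden: frozenset = frozenset()   # behaviour in the bits that is not in the source

    def digest(self) -> str:
        blob = repr((self.built_by, self.source, sorted(self.hidden)))
        return hashlib.sha256(blob.encode()).hexdigest()

def run_compiler(compiler: Binary, source: str) -> Binary:
    """Run a compiler binary on a source text (deterministic toy model)."""
    hidden = set()
    if "propagate" in compiler.hidden:
        if source == CC_SRC:        # recognises its own source: re-inserts itself
            hidden.add("propagate")
        elif source == LOGIN_SRC:   # recognises login: adds the unlisted account
            hidden.add("backdoor")
    return Binary(built_by=compiler.source, source=source, hidden=frozenset(hidden))

def ddc_matches(suspect: Binary, trusted: Binary, compiler_src: str) -> bool:
    """Diverse double-compiling: rebuild via an independent compiler, compare bits."""
    stage1 = run_compiler(trusted, compiler_src)   # different bits, same behaviour
    stage2 = run_compiler(stage1, compiler_src)    # must be bit-identical to suspect
    return stage2.digest() == suspect.digest()

TRUSTED = Binary(built_by="vendor", source=TRUSTED_SRC)
CLEAN_CC = Binary(built_by=CC_SRC, source=CC_SRC)
TROJAN_CC = Binary(built_by=CC_SRC, source=CC_SRC, hidden=frozenset({"propagate"}))

if __name__ == "__main__":
    # Recompiling the compiler with itself does not remove the payload...
    print("self-rebuild still trojaned:", run_compiler(TROJAN_CC, CC_SRC) == TROJAN_CC)
    # ...but a rebuild through an independent compiler no longer matches.
    print("clean cc passes DDC: ", ddc_matches(CLEAN_CC, TRUSTED, CC_SRC))
    print("trojan cc passes DDC:", ddc_matches(TROJAN_CC, TRUSTED, CC_SRC))
```

The check only helps if the second compiler does not carry the same payload and if both builds are reproducible; otherwise a digest mismatch says nothing.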