• Kogasa
    link
    fedilink
    14
    edit-2
    1 year ago

    Seems the precompiled binary isn’t reproducible. It seems odd that they would even consider this option without figuring that out first.

    I don’t like the comparisons to Moq. The issue with Moq was the use of a precompiled binary explicitly designed to exfiltrate PII. That’s not fixable. It’s inherently malicious. This is an implementation detail that will run afoul of security policies and break build systems, but it can be fixed.