In a previous life, peter honeyman said ...
| i disagree. who will guarantee that viacrypt ships binaries based on | the validated code?
Have your appropriately trusted person watch the code compiled in front of him, and take a signature of the completed binary. Although, this becomes somewhat of a nightmare, as 'Mr Trusted' will need to oversee all 'release' compilations, and spend time beforehand going over code to verify everything. This signature could be signed by 'Mr Trusted' and included with the distribution, including s/ware to allow the 'pleb' user ensure they match.
Matthew. -- Matthew Gream,, M.Gream@uts.edu.au -- Consent Technologies, 02-821-2043.
Why not just arrange for 'Mr Trusted' to receive a copy of the source code to examine on a secure system. Then when he/she is sure that it's ok, compile it on the same trusted system and compare with the release binaries. Happy Hunting, -Chris. <cdodhner@indirect.com> PGP public key available upon request