| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: StuartF at datacom.co.nz (Stuart Fox (DSL AK)) Subject: Moox firefox/thunderbird builds. Anyone looked at these yet? > > I wonder why somebody would branch just to do performance > improvements? Because people want their browser to perform quickly? > Why not just work with the mozilla team and apply the changes > to the source tree? It's not like he's adding features and > the team didn't want them because they would add to bloat. > Makes me wonder if there is a hidden agenda is these custom builds... Because it doesn't look like he's actually making changes to the code, he's just compiling with specific support for certain processor features which aren't included in a general (unoptimised) build. Basically, Mozilla distribute a vanilla build that will run on everything, and this guy is compiling with support for specific processor optimisations that won't run on processors that don't support those features. > > Or maybe I'm just a super paranoid security professional. You probably are being a little paranoid, although I prefer to run the binaries as distributed by the supplier (I of course trust that they haven't included backdoors, and they have compiled it sensibly. For me, any open source application I run is essentially closed source anyway...). If you were being super paranoid, you could generate your own optimised build - once you'd read through all the source code looking for security holes of course... Stu
Powered by blists - more mailing lists