You are viewing a single comment's thread from:
RE: It doesn't matter if Reddit is open source or not
Are there ways the publisher of the website can submit verifying information to the public (without compromising their website's security and whatnot)? Would that kind of dissemination of information have to be made periodically (every few weeks or so)?
I'm not sure how could this be done in a verifiable way. They can post hashes that would be the same as published source, but there will be no proof that the hash came from their live server. Even if they could somehow prove that the files on the server are the same files that are published, who's to say they don't have a standalone plugin of some sort that implements certain changes and features through a backdoor.
There are legitimately trustworthy companies that are in the same boat. Because they can't prove that it's the same open source software, they have to rely on people's trust in their name, which is never going to happen for Reddit.