Thread: [ANNOUNCE] Device-lock In Openmode for N9/N950 !!
View Single Post
juiceme is offline juiceme
2016-01-19 , 05:52
Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southerrn Finland
#24
Originally Posted by HtheB View Post
I really don't have the sources...
The truth is: I've got it from some forest cat... deeeeep deep inside the woods....
But the package is trustable if that concerns you
The fact remains; unfortunately you just cannot trust it unless some base conditions are fulfilled:
  • You more or less have to trust a security package if it comes from the original manufacturer. (means it is signed by Nokia)
    Even in this case it just depends if you trust the manufacturer, as quite a few people don't...
  • You can almost certainly trust a package if the source code is available and you can compile it yourself.
    Even in this case it is possible you have a breach, for example your compiler toolchain may be compromised...

When an important security related package comes "from some forest cat... deeeeep deep inside the woods" it most certainly cannot be trusted.

There are a high number of possibilities to go wrong;
  • the package might be compromised
  • the software might have exploitable bugs
  • the package might be incompatible with some firmware or installed software
 

The Following 7 Users Say Thank You to juiceme For This Useful Post: