I think I am missing something. I know how a checksum confirms that you downloaded the file correctly, but how does source code help us confirm the firmware someone might put out?
How would one go about checking if the firmware download matches the posted source code? Couldn't somebody just gain trust with a "legit" firmware that matches the source code and then change it later? Would it take constant checking to make sure the downloads are always legit?
It just does not seem like...
Please explain how source code can be used to confirm the legitimacy of firmware.