Re: A pragmatic approach or government grade security theatre?
... if you can't convert the source through the same tool chain and then do a byte for byte comparison ...
That's not a guarantee of anything in particular. If on the other hand, you can reproduce the binaries from a reviewed source using a cross-compiler under your complete control, you known that the backdoor is not in the source or the toolchain. However, this still does not guarantee the absence of a backdoor - it still could exist in the firmware, in the CPU microcode, or in one of the peripheral devices or controllers.
I somehow suspect that when Russian FSB reportedly switched to mechanical typewriters for their most sensitive data, the decision was not borne out of the idle paranoia.
Biting the hand that feeds IT
