Topic: [ANN] DERO: DAG + Cryptonote + Bulletproofs + SSL + POW + Smart Contracts - page 24. (Read 123199 times)

I just made a pretty simple point in response to you, and then tried to explain it to b9ron, when he took issue with it.

And I never even came close to saying I only trust code I wrote myself, not sure where you pulled that from.

...
And the only way to change that, is to verify all the code (which as I have also pointed out, does not even suffice entirely, as you are still trusting that the code you see is what was actually running).

No even if you have all the code with all history of commits, if Monero servers are compromised with binary with a tiny backdoor or an tiny exploit hidden in it, it will be hard to find out unless devs reveal their binary were compromised.

Because even you'll have a fork of project even with the same arch, you could compile and still get a binary code different from official binary.

The only way to check if your binary isn't compromised is to review the code and compile yourself. Until this time you have to trust official binary with the official checksum provided.

Once again you don't trust the binary provided fine, come back further.

That would be about the size of it, though I already wrote as much in my initial reply to you on this topic. It should be a fairly uncontroversial concept (not sure why b9ron felt the need to push back), though not perhaps an obvious one, so I mentioned it in order to help readers better understand exactly where they are putting their trust.

Do you need the source code of your bank before you can have expectations of how it works?

The way I read this is that even given the source code you still wouldn't trust that the binaries it produced are the same as the existing compiled binaries* so I am forced to conclude that nothing will satisfy you.


* - because apparently the golang compiler does not create bit-identical output when run on different machines despite bit-identical sources.

Scam devs are sometimes even too dumb to pull off a scam. And believe it or not but some of them would even scam for a couple of dollars.

...Because the only functional difference between dero and this hypothetical is that the unknown entity is captain, so it comes down 100% to your trust in him, not in the code, not in the blockchain, not in anything else.

And the only way to change that, is to verify all the code (which as I have also pointed out, does not even suffice entirely, as you are still trusting that the code you see is what was actually running).

That's just a cute way of yet again avoiding the point; can it be long now before your argument becomes accusing me of being mojo and/or serena? If you didn't mean to refute me, you should not have responded. But you did, and through your responses we have so far learned:

a) You have indicated that it is fine for the community to only have the ability to make pull requests, but not have any actual control over the project.
b) You have characterized dero as unfinished alpha stage software, and intimated that people should not use it like a bank, until "some years when everything will be stable with 0 risks and truly Open Source."
c) You demonstrate by point (b) that you do not understand that the blockchain is an immutable record, and that what happens with it now bears on whether people should trust it years from now.
d) You demonstrate by point (c) that you do not understand my initial point, which regarded the importance of being able to verify the code that was running on the network between the time the source was closed, and now.

This is what is meant when I say you have no understanding of blockchain; this, though it obviously escapes you, is what others can see by your words. And that rather than either agree or refute, you should instead point to a repo where I have forked a few projects, as though it says anything, rather than address the points themselves, says volumes.

The irony is that where I have not actually argued here against using or getting involved with dero, you yourself have inadvertently and voluntarily provided a few decent reasons why a person might do well to avoid it.