I'm always nervous about blindly using someone else's compiled library because, as you said, it might do a few extra unwanted things if someone's managed to hack the system. At least if you've got to download the source and compile it yourself you have the option to check it. If it's not going to change, you only have to compile it once and you've got a local verifiable copy of the library. Once it works for your application, why would you need an updated version of the library?
OTOH, how many people who download non-trivial source code actually bother to check it thoroughly? If you grabbed your copy before the compromise then you're OK, otherwise your local library is infected.
no subject
Date: 2024-06-20 05:02 pm (UTC)