

Auditing Open Source Security Apps - quantumpotato_

Hi HN, there&#x27;s been a few posts about auditing OSS security&#x2F;encryption apps.<p>I&#x27;m wondering though - how do we verify that the code we see on Github is the same code running live on a webserver?<p>Sure, you could ask for a &quot;hash&quot; but the webserver could fake it.<p>How do you prove what code is running on a remote machine?<p>I&#x27;m sure there&#x27;s a proper name for this kind of problem..
======
newlog
You can't. Or so I think...

[http://www.gnu.org/licenses/agpl-3.0.html](http://www.gnu.org/licenses/agpl-3.0.html)

