> Given its Russian roots, at this point I'm nervous about updating WinRAR or otherwise continuing to use it. I wish I had a day or two to get 7Zip to build.
If you're worried about backdoors, why did it take until this news for you to change your preference?
Also, 7zip is available prebuilt; you don't need to compile it yourself.
I’ve not been able to find a signed distribution of 7-zip, so I imagine they feel safer building the repo locally to make sure they’re at least not running a compromised .exe (not suggesting the code itself is guaranteed to be virus free, but this does feel safer in my mind).
> I’ve not been able to find a signed distribution of 7-zip
Since when would a signed binary help when your "opsec" says it's the software itself that is compromised?
Software can still be compromised if it is compromised before being signed.
Assuming you somehow trust the source code and not the binary, in fact, you're better off compiling it yourself and checking if the non-signed software you get is similar enough to the binary you can get from others, assuming of course you can actually reach reliable reproducible builds with a Windows build chain, a thing that last time I checked was horrible and flaky.