@xpil@fosstodon.org well, if the developer cannot fix simple memory corruption via boundary checks (e.g. running nose) - how can I trust him to fix the backdoor? I'd need to reverse-engineer the whole code to prove the fix indeed doesn't introduce an even worse vulnerability (because he doesn't even provide source code, only binary patches).