Allowing native code to run on anybody's machine is dangerous.
- Currently download_libs.sh doesn't contain md5 checksums. IMHO this is necessary.
- Ideally a developer should never add those to native folder but actually only it should be done via CI upon verification of md5 checksums
There could be other measures / ideas taken for this but the things above should be minimum, especially that project is from cryptocurrency / where trojan horses stealing things like wallet passwords are common.
Allowing native code to run on anybody's machine is dangerous.
There could be other measures / ideas taken for this but the things above should be minimum, especially that project is from cryptocurrency / where trojan horses stealing things like wallet passwords are common.