....
Is there any reason to press the button before he sees an update of the app on Google/Apple or his credentials revoked? I don't think so. He can probably keep pretending for a week or two.
Because if you leave Friday and don't come back Monday people are going to start looking.
IF someone does notice the code change and they come looking for you it's good to be someplace else.
Might as well be a beach on a tropical island with no extradition.
Uhm ... I suppose that button works on that tropical island, too. During Covid-home-office, he can pretend from the beach. I didn't mean to say that going to work normally would be a good idea although there is ways, too. If Dave is the release manager, he could "catch a backdoor" that conveniently deleted all its traces of infection. He'd just have to make sure to mix well that stash.
So is that better then a closed souse wallet that needs 3 checks against their internal code before it's uploaded and the uploads needs 2 different 2fa devices that 2 different people have?
Tell me who has that setup? I have yet to find a project that would even claim to do reproducible builds of their closed source product. Without reproducible builds, people sign off blindly.
Nobody has it, that I know of in the crypto space and that is the issue.
Yeah, possibly the big players [Coinbase, Gemini, Kracken, etc]
The standard claim by all of them is "We have the best security in the industry". I'm so tired of reading superlatives in every wallet description.
But, Mycelium, Electrum, etc. If they do they don't talk about it.
I would love for one of them to actually do some epic security measures and be somewhat upfront about it.
People trust non-reproducible wallets provided by anonymous developers. They trust custodial wallets that make no statement about using cold storage. Yesterday I reviewed a Ballet, a wallet that uses provider-generated BIP38 paper wallets and calls those "hardware wallets" and the app "companion app" and it's ok because Charlie Lee is running this shop. Unfortunately most people in the space are not at all literate about cryptography.