Not discrediting Open Source Software, but nothing is 100% safe.

  • ghostermonster@discuss.tchncs.de · 35 up · edited · 1 year ago

    Just the fact that there is the ability to read and change the code, even if not everyone reads it, keeps developers away from the idea of putting something malicious there.

    • Stelus42@lemmy.ca · 3 up · 10 down · 1 year ago

      Just like how no one has ever put anything malicious on Wikipedia. Nope, never, not once

      • ghostermonster@discuss.tchncs.de · 8 up · 1 year ago

        Wikipedia accepts all new entries by default. Almost all open source projects review any contribution first before merging.

        It’s also not a fair comparison, because there can’t exist an encyclopedia you can learn from but not look inside. But you can obfuscate machine code, making it very hard to see what it does, so it’s more tempting for code developers to put in malicious features when no one can see it.

    • redditcunts@lemmy.world · 6 up · 59 down · 1 year ago

      This is wrong and ignorant. It happens all the fucking time. Software vendor supply chain is a huge fucking issue.

      Christ, tell me you have no idea what you're talking about with 1 sentence vibes.

      • stappern@lemmy.one · 33 up · 1 down · 1 year ago

        how about you chill? it will happen less frequently than with proprietary software…

        • redditcunts@lemmy.world · 4 up · 63 down · 1 year ago

          Lol no it doesn’t. It happens weekly, all the fucking time.

          Source: I’ve been developing oss software for 20 years and have had to push hundreds of teams to fix their vendors bin.

          Chill == I ain’t got shit to say 🤣

          • stappern@lemmy.one · 30 up · 1 down · 1 year ago

            ah, found the redditor.

            best of luck, I'm not doing that shit again, you act like a child.

            • bloodfart@lemmy.ml · 1 up · 1 year ago

              Hey I know it sucks when someone isn’t nice to you, but that person is about as right as can be.

              Just a month ago thousands of malicious commits discovered on git made the news. Unaudited repositories are a huge vector for attack and have been for years.

              If that person seems pissed off you could chalk it up to hearing about this stuff on newsgroup discussion two decades ago.

      • Cyclohexane@lemmy.mlM · 2 up · 1 year ago

        Software vendor supply chain affects ALL software. It is caught much sooner with open source.