Comment on Do you actually audit open source projects you download?

truthfultemporarily@feddit.org 1 week ago

It’s not feasible. A project can have tens or hundreds of thousands of lines of code, and it takes months to really understand what’s going on. Sometimes you need domain-specific knowledge.

I read through those installers that do a curl github… | bash. Otherwise I do what amounts to a “vibe check”. How many forks and stars does it have? How many contributors? What is the release cycle like?
