Comment

Comment on Do you actually audit open source projects you download?

sugar_in_your_tea@sh.itjust.works ⁨1⁩ ⁨week⁩ ago

I don’t audit the code, but I do somewhat audit the project. I look at:

recent commits
variety of contributors
engagement in issues and pull requests by maintainers

I think that catches the worst issues, but it’s far from an audit, which would require digging through the code and looking for code smells.

Sort:hotnew top

dieTasse@feddit.org ⁨1⁩ ⁨week⁩ ago
Same here.

on the phone I trust F-droid that they have some basic checks

I either avoid very small projects or I rifle through the code very fast to see if its calling/pinging something suspicious.
source