Agreed. I’d say with open source it is harder to ‘get away’ with malicious features, since the code is out in the open. I guess if authors were to put those features in, the open nature of their code also serves as a bit of a deterrent, since there is a much bigger possibility of people finding out compared to closed source. However, as you said, it is not impossible, especially since not many people look through the code of everything they run. And even then it is not impossible to obfuscate it well enough for it not to be spotted on a casual read-through.
Comment on Is Foss really safe?
Whirlybird@aussie.zone 1 year ago
No, open source code is no safer than closed source code by default. What it does is give people the opportunity to verify that it’s safe, but it doesn’t mean it is safe. Also, just because some people have “verified” that it is safe doesn’t mean they didn’t just miss the vulnerabilities or nasty code.
GlowHuddy@lemmy.world 1 year ago
RightHandOfIkaros@lemmy.world 1 year ago
Accounts that post “verifying code” can also be sock puppet accounts, so it is always good to double-check for yourself if you know the programming language, or check the account history to see if they have verified other software from different writers that aren’t all connected to each other. Nothing is sketchier than a verification ring, where accounts all verify for each other.
pjhenry1216@kbin.social 1 year ago
This is only an issue if it's only been reviewed by one or two coders with zero history on the repo's host. This is rare for anything that is remotely popular.
1847953620@lemmy.world 1 year ago
Software companies are not known for their accountability over hacky code, though; FOSS leads to better quality because it solves the accountability conflict of interest in an efficient way.