Not discrediting Open Source Software, but nothing is 100% safe.

  • Cyclohexane@lemmy.mlM
    link
    fedilink
    English
    arrow-up
    35
    ·
    1 year ago
    1. Yes, I do it occasionally
    2. You don’t need to. If it’s open source, it’s open to billions of people. It only takes one finding a problem and reporting it to the world
    3. There are many more benefits to open source: a. It future proofs the program (many old software can’t run on current setups without modifications). Open source makes sure you can compile a program with more recent tooling and dependencies rather than rely on existing binaries with ancient tooling or dependencies b. Remove reliance on developer for packaging. This means a developer may only produce binaries for Linux, but I can take it and compile it for MacOS or Windows or a completely different architecture like ARM c. It means I can contribute features to the program if it wasn’t the developer’s priority. I can even fork it if the developer didn’t want to merge it into their branch.
    • ArrogantAnalyst@feddit.de
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      1 year ago

      Regarding point 2. I get what you’re saying but I instantly thought of Heartbleed. Arguably one of the most used examples of open source in the world, but primarily maintained by one single guy and it took 2 years for someone to notice the flaw.

          • Dr. Jenkem@lemmy.blugatch.tube
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            No more or less relevant than heartbleed. Yes vulns exist in open source software, sometimes for a while. Being open source can lead to those vulns getting discovered and fixed quicker than with closed source.

            • ArrogantAnalyst@feddit.de
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              1 year ago

              And how does this negate my initial point that you shouldn’t trust in the security of something just because it is open source? I think you misunderstood what I was saying.