"it's open source - you can read the code"

Vrai

Well-Known Member
I get rather annoyed when I see people touting the virtues of FLOSS with the caveat "it's open source - you can read the code". Not only is it impractical advice, it is also somewhat misguided as it gives a user a false sense of security.

One recent example is the malicious package in the PyPI repository, used by developers to build other Python packages, which was there for over a YEAR before anyone noticed!
https://www.bleepingcomputer.com/ne...on-package-available-in-pypi-repo-for-a-year/

Just because the code is 'open-source' doesn't mean someone IS going to read it. And even if someone does read it they may not see or understand exactly what and how everything works. Moreover, flaws can be right there in front of someone reading the code and not understood as a flaw.

I can cite more examples, such as "heartbleed", etc.

That's my 'rant' for today (unless I think of something else ;) ).
 


Vrai

Well-Known Member
I get rather annoyed when I see people touting the virtues of FLOSS with the caveat "it's open source - you can read the code". Not only is it impractical advice, it is also somewhat misguided as it gives a user a false sense of security.
The Linux Kernel Enters 2020 At 27.8 Million Lines In Git.....

Systemd Is Approaching 1.3 Million Lines.....

¯\_(ツ)_/¯
 

