Is it my imagination or has every Linux OS instability I've encountered in the last 2 years traced back to Github?
How can there be any OS security if the system's code is developed by any wacko out there? The last time I checked out an OS glitch that led back to GitHub, the repository was some kook's personal space loaded with Facebook, Twitter, & narcissistic garbage... pix, videos, & tweets.
I’d say it’s your imagination. Or perhaps your misunderstanding of git.
Git is version control software used by developers to keep track of the development of software. GitHub allows developers to collaborate on projects. It’s used by everybody from hobbyists right up to professionals and huge corporations.
If you indiscriminately download code from ANY old git repo - then yes - you could potentially be getting anything from any old kook.
But if you track down the official Git/GitHub repo for a software project - you’re getting the latest version of that software directly from the developers who are working on it, and it SHOULD be relatively safe.
If you download the head of the source tree - you’re getting the very latest code, which should have the latest bug fixes and newest features. But it can also contain the latest bugs and performance regressions too!
If you download a tagged release from the tree using Git’s tag functionality, you can download the code for a particular stable version of the program.
GitHub is not to blame for anything.
Software development is a very tricky process. It’s very easy to end up inadvertently introducing bugs.
But it’s not easy to introduce deliberate ones because you usually have other people looking at the code.
Most of the larger free software/open source projects have a team of people working on things and any pull requests/patches are reviewed by other team members before being accepted into the mainline branch of that project.
Problems can occur when there are only a few people looking at the code, as happened with the Heartbleed SSL bug.
The OpenSSL library - an extremely critical library, used by a LOT of other projects - only had two people maintaining it.
A simple, innocent, well-intentioned change ended up causing a huge security vulnerability that was not detected or reported for several years.
As soon as the bug was discovered and reported, it was quickly fixed.
A couple of companies have since hired professional programmers to help maintain that critical library to ensure that more eyes are on the code and that it is kept secure.
Software developers are human, and therefore are not infallible. Software development is a highly error-prone field. It’s an iterative process. The more complex a piece of software is, the more bugs it’s likely to contain.
There are a few code profilers like Coverity that can be used to automatically detect potential flaws/problems in code. I believe Coverity allows free software projects to perform Coverity scans on their repos for free.
So static code analysis tools can also help developers to make free software safer, with fewer defects/bugs.
It’s a complex topic, there are a lot of factors that affect code quality.
But on the whole - most free software is pretty damn good!!
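An added example (not part of the answer above) of the "download a tagged release" advice in practice: pin a build to a release tag, record the commit that tag resolves to, and refuse to build from anything else, including a tag that has been moved or the untested head of the tree. The repository, tag name and commits are all constructed locally in a temporary directory; `git` must be on PATH.

```sh
#!/bin/sh
# Constructed demo: an "upstream" repo with one tagged release and newer,
# untested work on top of it. Identity and signing settings are passed
# with -c so the script does not touch the user's real git config.
set -eu
G="git -c user.name=demo -c user.email=demo@example.invalid -c commit.gpgsign=false -c tag.gpgsign=false -c init.defaultBranch=main"

make_upstream() {                      # prints the path of the new repo
  dir=$(mktemp -d)
  (
    cd "$dir"
    $G init -q
    echo 'int main(void) { return 0; }' > main.c
    $G add main.c && $G commit -q -m 'v1.0.0 release'
    $G tag -a v1.0.0 -m 'Release 1.0.0'          # the stable release
    echo '/* work in progress, never reviewed */' >> main.c
    $G add main.c && $G commit -q -m 'wip'       # the head of the tree
  )
  echo "$dir"
}

# Resolve a tag to the commit it points at (annotated tags are peeled).
tag_commit() { git -C "$1" rev-parse "refs/tags/$2^{commit}"; }

# Check out exactly the pinned commit. A moved/re-pushed tag, a mistyped
# tag or an attempt to build HEAD all fail here instead of building silently.
checkout_pinned() {   # usage: checkout_pinned <repo> <tag> <expected_commit>
  actual=$(tag_commit "$1" "$2") || return 1
  if [ "$actual" != "$3" ]; then
    echo "refusing: tag $2 resolves to $actual, expected $3" >&2
    return 1
  fi
  git -C "$1" checkout -q "$actual"
}

# Signed tags can be checked with git verify-tag; the constructed tag here
# is unsigned, so this returns non-zero (the build should stop there too).
tag_is_signed() { git -C "$1" verify-tag "$2" >/dev/null 2>&1; }

REPO=$(make_upstream)
PIN=$(tag_commit "$REPO" v1.0.0)       # the value you would store with the build
HEAD_TREE=$(git -C "$REPO" rev-parse HEAD)
checkout_pinned "$REPO" v1.0.0 "$PIN" && echo "built from pinned release $PIN"
if ! checkout_pinned "$REPO" v1.0.0 "$HEAD_TREE"; then
  echo "head of tree $HEAD_TREE is not the release; refused as expected"
fi
tag_is_signed "$REPO" v1.0.0 || echo "tag v1.0.0 carries no signature"
```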