"it's open source - you can read the code"

Vrai
Well-Known Member, joined Mar 16, 2019
I get rather annoyed when I see people touting the virtues of FLOSS with the caveat "it's open source - you can read the code". Not only is it impractical advice, it is also somewhat misguided as it gives a user a false sense of security.

One recent example is the malicious package in the PyPI repository, used by developers to build other Python packages, which was there for over a YEAR before anyone noticed!
https://www.bleepingcomputer.com/ne...on-package-available-in-pypi-repo-for-a-year/

Just because the code is 'open-source' doesn't mean someone IS going to read it. And even if someone does read it they may not see or understand exactly what and how everything works. Moreover, flaws can be right there in front of someone reading the code and not understood as a flaw.

I can cite more examples, such as "heartbleed", etc.

That's my 'rant' for today (unless I think of something else ;) ).
Vrai (OP)
Well-Known Member

Vrai said:
I get rather annoyed when I see people touting the virtues of FLOSS with the caveat "it's open source - you can read the code". Not only is it impractical advice, it is also somewhat misguided as it gives a user a false sense of security.
The Linux Kernel Enters 2020 At 27.8 Million Lines In Git.....

Systemd Is Approaching 1.3 Million Lines.....

¯\_(ツ)_/¯