cross-posted from: https://lemmy.ml/post/30846707

cross-posted from: https://lemmy.ml/post/30846701

The question is simple. I wanted to get a general consensus on if people actually audit the code that they use from FOSS or open source software or apps.

Do you blindly trust the FOSS community? I am trying to get a rough idea here. Sometimes audit the code? Only on mission critical apps? Not at all?

Let’s hear it!

  • Lazycog@sopuli.xyzEnglish
    5·
    1 个月前

    If it’s something that is not very popular/known I do actually look at the code, but never all of it.

    I check:

    • most recent commits
    • for something that might have been hidden before one of the releases
    • deeper into utility files
    • look for suspicious patterns in code that might be trying to hide something. Mostly for/in external network call related code

    This is of course very superficial and in general I try to avoid obscure projects that are not popular and well known.