• mycus@kbin.social
    link
    fedilink
    arrow-up
    17
    arrow-down
    30
    ·
    1 year ago

    but they can write malware and commit it to their repos.

    the question is how long will it take for someone to recognize it. ie.: how well obfuscated is it?

    not saying they gonna do it, just that doesn’t trust any code just bc they are open source

    • FaceDeer@kbin.social
      link
      fedilink
      arrow-up
      14
      arrow-down
      1
      ·
      1 year ago

      They’re not geniuses, they won’t be able to hide malware code for long. And the moment it’s recognized they are finished as far as ever being coders on any related project in the future, so I don’t see how they could accomplish much by doing that.

      • mycus@kbin.social
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        1 year ago

        I’m just saying someone new in software development reading the comment I replied may misinterpret part of what they are saying as “all open source software is trustable” and reinforce that notion.

        I’m not saying that lemmy devs have a higher chance of doing it bc they are tankies or whatever, no. They have no history of doing that and the project is so big and important that they really wouldn’t risk it; it is indeed a bit silly to defend my point in this specific thread, now that I think about it.

        also, like @minimar said, it’s not how it works. most kind of obfuscation in open source code actually makes it easier to identify it as harmful. they are also found in libraries 99% of the time, not at the open source software repo itself. also, rust has no history of any harmful library.

        anyway, sorry if I gave the wrong idea haha. just looking out for people who might have that notion, like I had.