it is a concern to me because there is no plan to do security audit despite people asked about ti in the past.
https://github.com/rustdesk/rustdesk/discussions/8392
https://github.com/rustdesk/rustdesk/discussions/4968
Not in their roadmap
https://github.com/rustdesk/rustdesk/discussions/918
people had concerns about the company:
https://www.reddit.com/r/rustdesk/comments/11nu94y/is_rustdesk_a_scam/
As HN: RustDesk Installs Chinese Root Certificates
Rustdesk is strange. It may just be a nice tool with some edges. But they failed to submission to Flathub for example because they wanted very high privileges with no explanation like read/write on all files.
The only time I took a gander on their repo, I saw the main guy asking ChatGPT how to implement something, and pointing the main dev at the answer.
Also, the pay-per-PR approach, while commendable on the surface, has a very high potential of unwanted behavior sneaking in, intentionally or otherwise, especially when combined with such blasé approach to coding and review.
This is perhaps a case where Rust’s superiority lead to questionable net gains. In the sense that if it wasn’t for Rust, such an approach would probably never have produced a product that appears, for all intents and purposes, to be perfectly functional, performant, and stable (presumably, I never used it). Rust allowed here, despite the “hard language” stereotype, a Lego model of development to work. But is that at the end of the day a good thing? That’s an open and nuanced question.
But hey, it’s all open source. If (the collective) you don’t like it, fork it and fix it, or pay for the audit, or use something else. Don’t expect anyone to shed a tear for your alleged quandary, or become a soldier in your witch hunt.
Thanks for sharing
We appreciate your concern about the security of our software, but we don’t have plans for a security audit at this time. Our open-source approach and commitment to secure coding practices are sufficient to ensure the security of our software.
As an open-source project, our code is available for anyone to review and audit. If you’re tech-savvy and concerned about security, you’re welcome to dive into the code and verify our claims for yourself.
We’re a team of experienced developers who are passionate about creating secure and reliable software. We’re asking that you trust us to do the right thing. We’ve earned that trust through our hard work and dedication to our craft. We’re not perfect, but we’re always striving to improve.
We believe that our approach is effective, and we’re not going to divert resources to a security audit that we don’t think is necessary. We hope you can understand and respect our decision.
Please explain and answer the concerns as voiced by the community ; without more detail man can think your are a troll, a bot, or someone generated this answer using GentAI tools.
Your answer is not accurate as it does not bring useful details to the community which have legitimate concerns.
In addition the mentioned GitHub repository in a first sight does not contain mandatory files like CONTRIBUTING or SECURITY which does not help user be confident and have less concerns. Moreover, as the reproducibility of builds is not easy to prove event for FLOSS projects, you cannot rely on that point about open source approach. It does not seem that you are using either Dependabot, Renovate or Snyk to ensure the security of the software.
You should really bring details and make the community less worried and more confident instead of bringing that type of answers.
Next ones of that type might be removed ; the community is not dedicated to open source washing.
No evidence this is anyone in the RustDesk team + shitty/possibly LLM-generated response leads me to believe this is a troll.
This is a joke, right?
We appreciate your concern about the security of our software, but we don’t have plans for a security audit at this time. Our open-source approach and commitment to secure coding practices are sufficient to ensure the security of our software.
As an open-source project, our code is available for anyone to review and audit. If you’re tech-savvy and concerned about security, you’re welcome to dive into the code and verify our claims for yourself.
We’re a team of experienced developers who are passionate about creating secure and reliable software. We’re asking that you trust us to do the right thing. We’ve earned that trust through our hard work and dedication to our craft. We’re not perfect, but we’re always striving to improve.
We believe that our approach is effective, and we’re not going to divert resources to a security audit that we don’t think is necessary. We hope you can understand and respect our decision.
Please explain and answer the concerns as voiced by the community.
By simply pointing to your license as your answer and passing on the burden of proof onto others only validates and doubles the community’s concerns.
This is quite unprofessional coming from someone in whom we’re supposed to assume is either the leader of the project or representative/spokesperson.
You’re probably talking to a troll trying to get people riled up, FYI. The likelihood this commenter actually has anything to do with Rustdesk is almost 0. Brand-new account, and I don’t think their username even lines up with any Rustdesk dev’s.
Could be, it depends on their response
In addition this could be used to verify by talking with the devs on the project repo.
Based on their username I wouldn’t be surprised if this was a troll. On the slight chance that they were indeed related to the project I made a reply as professionally as I could in the little time I have atm👍
Makes sense!
