The Xz backdoor and a near miss on the F-Droid app store show how the entitled attitude of some people in the open source community can be used to push malicious or insecure code.
You’re manually reviewing the entire code of every open source product you use? Manually reviewing the code at every commit of every open source software you use?
I mean you can see the source code. You’ll know if anyone does something weird if you have two braincells.
You’re manually reviewing the entire code of every open source product you use? Manually reviewing the code at every commit of every open source software you use?
Nope, I’m just a clown who doesn’t actually work in tech.
I can’t tell if you’re joking but if you are that’s hilarious
Oh shit I must’ve said something really dumb now.
(I wasn’t joking).
It’s not a dumb point so much as just naive – and its the lesson we learned from the xz backdoor.
Sure the source code is out there for anyone to see, but are the right people actually looking?