this post was submitted on 23 May 2024
97 points (92.2% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
54500 readers
649 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Isn't it open source?
If you are not hosting, it having a repo on Github makes no difference. The server you are connecting to might have a different service running and you cannot know.
Is every open source app audited? Look at the XZ near disaster. And XZ is pretty critical software. Open source doesn't mean it's safe by default, it means that the code can be read.
The XZ topic was way more complicated than that and overly exaggerated by some people. Open source is still the closest thing we have to "safe by default".
Still, as someone else stated, if you're not hosting it's not truly open source as you can't really verify the actual code running behind the server.
IMO the XZ thing shows the strength of open source, some turbo pedant found the backdoor within about an hour of it being released because a program took 0.3 seconds longer to start. That wouldn't be possible in a closed source app that can't be debugged properly.
Yeah, but usually with open-source software you get like 150 Github comments complaining and outlining their shady business practices... If there's something to complain about.
The XZ disaster is an example for sth else. There are probably more backdoors in proprietary software that we just don't know about. And they can just keep it hidden away and force the manufacturers to do so. No elaborate social engineering like in the XZ case needed... And no software is safe. They all have bugs and most of them depend on third-party libraries. That has nothing to do with being open or closed source. If so, being open provides you with more of a chance to catch mischievous behaviour. At least generally speaking. There will be exceptions to this rule.