Gotta sometimes depend on some other people in your life. I also depend on people not mixing toxic stuff into my groceries. The people from F-Droid are generally nice and have proven themselves. And there is more than one pair of eyes on most of the code. And automatic checks.
Honestly, I sometimes do. I contribute to free software, file bugreports and most of the time have a look at the code to see if I can fix it myself and hand in a patch. I tinker around with brand-new niche ideas. More often than not my (larger) contributions are to small projects and not the large ones. It’s not my hobby to fix Firefox. I think there are a lot of people like me.
And for Linux distributions and something like the F-Droid you have some maintainers on top, who often review every patch and new version.
And that’s the issue. I totally understand that one does not want to look through tens of thousands of lines of code just to use a silly little app. Even if you can understand the programming language and even if you took your time to look into it, its really unlikely that one would find either malicious code or simply security relevant bugs just from skimming through it.
However, if everyone just relys on others no one actually checked it. Yes it is possible to look into OS code but that alone doesn’t make it better. There has to be at least someone to check it. The open source community is such a small one already.
It’s like buying a ticket for the train. There might be controls so almost everyone does it. But as soon as it gets common knowledge that there are never any checks some will start to not do so. And in case of software even if something gets spotted eventually it might have had enough time to cause serious damage
Gotta sometimes depend on some other people in your life. I also depend on people not mixing toxic stuff into my groceries. The people from F-Droid are generally nice and have proven themselves. And there is more than one pair of eyes on most of the code. And automatic checks.
(I got this one, but it’s for Linux and USB, not Android & Bluetooth: https://github.com/jnweiger/led-name-badge-ls32/ )
deleted by creator
Honestly, I sometimes do. I contribute to free software, file bugreports and most of the time have a look at the code to see if I can fix it myself and hand in a patch. I tinker around with brand-new niche ideas. More often than not my (larger) contributions are to small projects and not the large ones. It’s not my hobby to fix Firefox. I think there are a lot of people like me.
And for Linux distributions and something like the F-Droid you have some maintainers on top, who often review every patch and new version.
deleted by creator
And that’s the issue. I totally understand that one does not want to look through tens of thousands of lines of code just to use a silly little app. Even if you can understand the programming language and even if you took your time to look into it, its really unlikely that one would find either malicious code or simply security relevant bugs just from skimming through it.
However, if everyone just relys on others no one actually checked it. Yes it is possible to look into OS code but that alone doesn’t make it better. There has to be at least someone to check it. The open source community is such a small one already.
It’s like buying a ticket for the train. There might be controls so almost everyone does it. But as soon as it gets common knowledge that there are never any checks some will start to not do so. And in case of software even if something gets spotted eventually it might have had enough time to cause serious damage
deleted by creator