this post was submitted on 07 Jul 2023
1671 points (92.9% liked)

Memes

It's Open Source! (lemmy.dbzer0.com)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

Not discrediting Open Source Software, but nothing is 100% safe.

[–] [email protected] 40 points 1 year ago (1 children)
  1. Yes, I do it occasionally
  2. You don't need to. If it's open source, it's open to billions of people. It only takes one finding a problem and reporting it to the world
  3. There are many more benefits to open source:
     a. It future proofs the program (many old software can't run on current setups without modifications). Open source makes sure you can compile a program with more recent tooling and dependencies rather than rely on existing binaries with ancient tooling or dependencies
     b. Remove reliance on developer for packaging. This means a developer may only produce binaries for Linux, but I can take it and compile it for MacOS or Windows or a completely different architecture like ARM
     c. It means I can contribute features to the program if it wasn't the developer's priority. I can even fork it if the developer didn't want to merge it into their branch.
[–] [email protected] 7 points 1 year ago (1 children)

Regarding point 2. I get what you’re saying but I instantly thought of Heartbleed. Arguably one of the most used examples of open source in the world, but primarily maintained by one single guy and it took 2 years for someone to notice the flaw.

[–] [email protected] 4 points 1 year ago (1 children)

Uhh... so? The NSA was sitting on the vulnerability for EternalBlue in Windows for over 5 years.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Don't understand what that has to do with the discussion so far. How is this relevant here?

[–] [email protected] 7 points 1 year ago (1 children)

No more or less relevant than Heartbleed. Yes, vulns exist in open source software, sometimes for a while. Being open source can lead to those vulns getting discovered and fixed quicker than with closed source.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

And how does this negate my initial point that you shouldn’t trust in the security of something just because it is open source? I think you misunderstood what I was saying.