this post was submitted on 18 Jun 2023
569 points (99.0% liked)
Lemmy.World Announcements
29161 readers
49 users here now
This Community is intended for posts about the Lemmy.world server by the admins.
Follow us for server news ๐
Outages ๐ฅ
https://status.lemmy.world/
For support with issues at Lemmy.world, go to the Lemmy.world Support community.
Support e-mail
Any support requests are best sent to info@lemmy.world e-mail.
Report contact
- DM https://lemmy.world/u/lwreport
- Email report@lemmy.world (PGP Supported)
Donations ๐
If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.
If you can, please use / switch to Ko-Fi, it has the lowest fees for us
Join the team
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
but they can write malware and commit it to their repos.
the question is how long will it take for someone to recognize it. ie.: how well obfuscated is it?
not saying they gonna do it, just that doesn't trust any code just bc they are open source
They're not geniuses, they won't be able to hide malware code for long. And the moment it's recognized they are finished as far as ever being coders on any related project in the future, so I don't see how they could accomplish much by doing that.
That's not how this works
I'm just saying someone new in software development reading the comment I replied may misinterpret part of what they are saying as "all open source software is trustable" and reinforce that notion.
I'm not saying that lemmy devs have a higher chance of doing it bc they are tankies or whatever, no. They have no history of doing that and the project is so big and important that they really wouldn't risk it; it is indeed a bit silly to defend my point in this specific thread, now that I think about it.
also, like @minimar said, it's not how it works. most kind of obfuscation in open source code actually makes it easier to identify it as harmful. they are also found in libraries 99% of the time, not at the open source software repo itself. also, rust has no history of any harmful library.
anyway, sorry if I gave the wrong idea haha. just looking out for people who might have that notion, like I had.
Why would they do that lmao