• books@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    9 months ago

    Point a has always me me wonder, is that accurate? Are there actually people going through the code to make sure open source isn’t malicious? I can barely read my coworkers code… Let alone a strangers.

    • xor@infosec.pub
      link
      fedilink
      English
      arrow-up
      6
      ·
      9 months ago

      people are definitely going through the code on a project as popular as audacity…
      less well known stuff is much less scrutinized, of course

    • aidan@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      9 months ago

      Its way less work than going through the code to check for telemetry unless it is an intentionally hidden attack- just use Wireshark and check if there is network traffic other than checking for an update on program start.

    • lemmeee@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      If a project is popular people will make changes to it every day. But you can look at the repo and judge for yourself.