cross-posted from: https://lemmy.ml/post/30846701
The question is simple. I wanted to get a general consensus on if people actually audit the code that they use from FOSS or open source software or apps.
Do you blindly trust the FOSS community? I am trying to get a rough idea here. Sometimes audit the code? Only on mission critical apps? Not at all?
Let’s hear it!
Not a dev here so I have to trust what I’m hosting on my server…
I do check the issue section and base my opinion on how healthy a repo is and how long it hasn’t been update.
Based on popularity also helps a bit? Check how san their docker-compose is and how complicated and what closed source thing they integrate in the image, but that’s it !
However, on android I do some app analysis with PCAPdroid to check what strange communications is happening behind the scenes.