cross-posted from: https://lemmy.ml/post/30846701
The question is simple. I wanted to get a general consensus on if people actually audit the code that they use from FOSS or open source software or apps.
Do you blindly trust the FOSS community? I am trying to get a rough idea here. Sometimes audit the code? Only on mission critical apps? Not at all?
Let’s hear it!
Yes. I have various ways I check, including reading the source code, looking for open known vulnerabilities, and reviewing recent commit history to see if it’s still actively maintained.
And…Looking at the other replies here - you’re all welcome, I guess. Yes. I am that part of the community. We exist. There may be dozens of usm…
Anyway. Thank you all for all you do in the community, too. High fives all around.