The question is simple. I wanted to get a general consensus on if people actually audit the code that they use from FOSS or open source software or apps.

Do you blindly trust the FOSS community? I am trying to get a rough idea here. Sometimes audit the code? Only on mission critical apps? Not at all?

Let’s hear it!

  • corsicanguppy@lemmy.caEnglish
    5·
    1 day ago

    I maintained an open-source app for many years. It leveraged a crypto library but allowed for different algos, or none at all for testing.

    Some guy wrote a CVE about “when I disable all crypto it doesn’t use crypto”. So there’s that. It’s the only CVE we got before or during my time.

    But even we got one.