I’m note a programmer. I Don’t Understand Codes. How do I Know If An Open Source Application is not Stealing My Data Or Passwords? Google play store is scanning apps. It says it blocks spyware. Unfortunately, we know that it was not very successful. So, can we trust open source software? Can’t someone integrate their own virus just because the code is open?

    • squiblet
      link
      fedilink
      81 year ago

      The way people use npm has long been a problem - the basic concept of pulling in 4 dozen small snippets of code from repos all made by different people and rarely verified. It’s quite different than running one application with a group of developers who understand all the components and monitor/approve changes.

    • @[email protected]
      link
      fedilink
      41 year ago

      True, but these have been identified pretty quickly, they’re not insidiously harvesting data in the background over long periods.

      • @Tanoh
        link
        51 year ago

        Well, we have detected those that have been detected. It is possible that there are some sleeper repos no one has detected yet.

        But it is not really a problem or something bad with FOSS, just have to be careful when including and updating libraries, which you always have to be!