• vext01@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    2
    ·
    4 months ago

    If it’s any software you didn’t write yourself or audit every line of…

    For a typical Linux distro that’s tens of thousands of packages…

    • xavier666@lemm.ee
      link
      fedilink
      English
      arrow-up
      15
      ·
      4 months ago

      I am no expert on code-auditing. But I’m slightly at peace that there are 100s of experts looking at the code because it’s open-source. But i also understand mistakes can still happen. It’s not a perfect system, but it’s the best solution so far.

      • vext01@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        1
        ·
        4 months ago

        There’s some truth to that, but bad actors have managed to slip things through in the past. It happened recently with xz.

        I guess my point is that we put a lot of trust in strangers when we run any code on our systems. Open or not.

        • xavier666@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 months ago

          True. We can also not run code at all and be perfectly safe.

          I wish there was a comparison. Number of 0days in open source and 0days in closed source for comparible projects and a measure for time to mitigate the 0days.