• blarth
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    3 months ago

    Do you trust all of the apps in those 3rd party repositories? You shouldn’t.

    • HarmlessCake@discuss.tchncs.de
      link
      fedilink
      Deutsch
      arrow-up
      2
      ·
      3 months ago

      More than some google bs. They’re open source, you could theoretically look at all the executed commands if you’re not trusting it enough. Sure it could be another binary, but I think most people doing something FOSS (meaning freetime invested not for profit, out of hobby/interest/inspiration) are reasonable enough to not do stupid stuff like that. The way big corps are trying to overtake FOSS projects is the danger. Microsoft bought GitHub to get access to all of the community built software, we should diversify, I’m agreeing. Only a few big companies have taken the internet hostage, we need to free it again. As a community, normally the internet should be a place of plurality, not a few big sites that are the main hubs for everything. That’s what it was intended for

      • blarth
        link
        fedilink
        arrow-up
        1
        ·
        3 months ago

        Being open source doesn’t impart any modicum of security to an app. It does introduce the ability for someone to push malicious code to it and have it accepted by a maintainer. There’s not enough oversight and free labor available to review the code for every open source project throughly.

        So, while you may not trust Google with your data, you should similarly not trust FOSS just because it’s open source and not Google.