• Zagorath
    link
    fedilink
    English
    401 year ago

    I find warnings like this rather amusing, because unless you compiled it yourself, even an open source application could secretly have malicious data-harvesting code added to it.

        • Zagorath
          link
          fedilink
          English
          21 year ago

          Eh I think that’s fair. You don’t have to trust fdroid per se, so much as trust that they’re not collaborating with a specific developer. It’s a much, much narrower condition. (Or alternatively, trust in their competence to have developed a system that works, but not that they are doing things without being malicious, which is a worthwhile discussion, but not quite the same as the one we’re having here.)

    • Tier 1 Build-A-Bear 🧸
      link
      fedilink
      English
      91 year ago

      Isn’t the point of open source that you can check the code for yourself though? Can’t do that with closed source

      • Zagorath
        link
        fedilink
        English
        3
        edit-2
        1 year ago

        You can check the code for unintentional vulnerabilities, or intentionally added in by a contributor, but you can’t do anything about something intentionally added in later in the process by the person responsible for managing the build and distribution of the application.

        • Tier 1 Build-A-Bear 🧸
          link
          fedilink
          English
          21 year ago

          Have I what? Read all open source code? I was replying to someone else, and not about any particular app. It’s just way harder to sneak something malicious into open source code than closed source, trust only gets you so far. It’s just common sense.