• sorghum@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    16
    ·
    6 months ago

    I look at ‘source available’ software as the right to review the code yourself to ensure there’s no malicious behavior, not for community development.

    • solrize@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      2
      ·
      6 months ago

      You mean if you build it yourself? I guess that is something, but it is still conceivable to sneak stuff in. Look at that xzlib backdoor from a few weeks ago.

    • xavier666@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      Is there any way to verify that the product in deployment is built from the same source? I’m guessing hash values but I still think it can be faked.