The question is simple. I wanted to get a general consensus on if people actually audit the code that they use from FOSS or open source software or apps.

Do you blindly trust the FOSS community? I am trying to get a rough idea here. Sometimes audit the code? Only on mission critical apps? Not at all?

Let’s hear it!

  • sugar_in_your_tea@sh.itjust.worksEnglish
    22·
    2 days ago

    I don’t audit the code, but I do somewhat audit the project. I look at:

    • recent commits
    • variety of contributors
    • engagement in issues and pull requests by maintainers

    I think that catches the worst issues, but it’s far from an audit, which would require digging through the code and looking for code smells.

    • dieTasse@feddit.orgEnglish
      6·
      2 days ago

      Same here, plus

      • on the phone I trust F-droid that they have some basic checks
      • I either avoid very small projects or I rifle through the code very fast to see if its calling/pinging something suspicious.