date 2024-12-14

MrGuvernment said: There is way too much trust in open source in general that free code is safe code... so people blindly just copy pasta' the crap out of it.

Yep, waaaaaaaaaaay too many people think that OSS = perfectly safe. I hear the "many eyes" thing get repeated on and on, when in reality:

1) Plenty of projects have only one guy, or two guys, that contribute to them. While anyone could, in theory, nobody does, and it is entirely one dude's project.

2) Even when there are multiple people, code reviews are often very superficial. Just because another coder looked at it doesn't mean they did a good job. Sometimes (more often than you think) it is literally just bitching about variable names.

3) Bad actors can join a community, and they can be sneaky. Someone can contribute good code, get a reputation, and then start sneaking things in.

Open source CAN be secure, but it is not definitionally secure.