Thoughts?

  • Sam@lemmy.ca · 30 up / 1 down · 1 year ago

    His code contributions have always been high quality, and they’re audited by his peers. It’s very unlikely malicious code would come from him, and even more unlikely it would make it through on to your phone.

    While he’s certainly unhinged, it’s clear that he cares deeply for the project. I can’t see him doing anything intentionally malicious.

    I really wish him the best, and I’m glad he stepped down. Much better for optics with him out of the way.

    • いなり@lemmy.ml · 12 up · 1 year ago

      This might age horribly, but I never really understood the worry that a high-profile open source developer might ‘smuggle’ some dodgy code into a repo. Sure, it’s possible. Especially in large projects, but the risk/reward ratio is simply ridiculously bad and there are so many other/simpler ways out there a malicious actor could use to make a profit.

      • Square Singer@feddit.de · 10 up · 1 year ago

        The risk is definitely not higher than the risk of some closed source dev smuggling something dodgy into a high profile project like e.g. Windows.

        That said, I would trust an unknown git repo about as much as I would trust some exe I found on a random website.