cross-posted from: https://lemmy.ml/post/30846701
The question is simple. I wanted to get a general consensus on if people actually audit the code that they use from FOSS or open source software or apps.
Do you blindly trust the FOSS community? I am trying to get a rough idea here. Sometimes audit the code? Only on mission critical apps? Not at all?
Let’s hear it!
If it’s a package I’m not familiar with and is relatively small/unknown then I’ll give it a brief once over to see if there’s anything that sticks out (obfuscated code, making http requests when the package should never do that, etc.). Most of the time though it is just trusting the FOSS community.