Privacy

38421 readers

626 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Do you actually audit open source projects you download? (lemmy.ml)

submitted 1 week ago by OhVenus_Baby@lemmy.ml to c/privacy@lemmy.ml

30 comments fedilink hide all child comments

cross-posted from: https://lemmy.ml/post/30846701

The question is simple. I wanted to get a general consensus on if people actually audit the code that they use from FOSS or open source software or apps.

Do you blindly trust the FOSS community? I am trying to get a rough idea here. Sometimes audit the code? Only on mission critical apps? Not at all?

Let's hear it!

you are viewing a single comment's thread
view the rest of the comments

[–] network_switch@lemmy.ml 3 points 1 week ago* (last edited 1 week ago)

I’ve reviewed code, in particular I’ve looked over merge requests on occasion but mostly out of academic interest than being very concerned over security. Just want to see how people accomplish a task. Learning.

I’ve monitored network traffic just because sometimes I just want to do that rather than paranoia. Practice and learning.

I’ve run code through a local sonarqube instance and whatever other scanning software I feel like trying along with building applications from source but again it’s not from paranoia but for personal interest that’s mostly just making sure I’m in practice of being able to do so.

I’m not a security professional so I don’t have the background and experience to really notice things that can be problematic like people I know who have a career directly cyber-net-etc-security related rather than my tangential

So really I don’t audit code. At least not huge codebases. When it’s just a few 100 line files of python to accomplish something, I’ll read them. There’s usually a requirements.txt in there though pulling in pip packages and I know I haven’t audited up the dependencies. At work there’s standards handled by people where it’s their job to determine whether the code you’ve written and dependencies pass the minimum to be deployable to computers on the network and that too is mostly handled by security scanning software both open source and closed commercial software