Why is Gentoo so low?
I bet they copied some code from Mastodon and paid Gargron not to go after them. That would definitely give them a huge lift. Otherwise, I don't see how they were able to come up with this so quickly. Tech companies usually take forever to build stuff.
Nothing is 100% secure. FOSS is definitely more secure, all else equal.
I mean, if a GitHub project has only 3 stars, it means no one is using it. Why does safety matter here? Early adopting anything has risks.
This is kind of a false comparison. If it has 3 stars then it doesn't even qualify for this conversation as literally no one is using it.
There is a much higher chance that someone out of 7 billion people will audit open source than there is that a corporation will do it, let alone make it publicly known and fix it.
Software vendor supply chain affects ALL software. It is caught much sooner with open source.
Random strangers are more trustworthy, because they're most likely users like you are.
Although this is fair, those contributors were from a research group at a prestigious university. That makes them much more trustworthy by default, and it's natural that a code reviewer will give them more benefit of the doubt.
- Yes, I do it occasionally
- You don't need to. If it's open source, it's open to billions of people. It only takes one finding a problem and reporting it to the world
- There are many more benefits to open source:
  a. It future-proofs the program (much old software can't run on current setups without modifications). Open source makes sure you can compile a program with more recent tooling and dependencies rather than rely on existing binaries built with ancient tooling or dependencies.
  b. It removes reliance on the developer for packaging. This means a developer may only produce binaries for Linux, but I can take it and compile it for macOS or Windows, or for a completely different architecture like ARM.
  c. It means I can contribute features to the program if they weren't the developer's priority. I can even fork it if the developer didn't want to merge them into their branch.
That's a good idea, but it only makes the problem a little better. I still wouldn't want one large aliases.sh file with environment variables for every application I customized. I would rather have them separate somehow without cluttering up a file.
Mistakes happen. This is one of the most common vulnerabilities in the software world. Again, it's easy to say it's insane when you aren't the one making it. I don't see you making anything half as good and without mistakes.
Constructive criticism is okay, but this isn't it. Sounds very entitled.