• cley_faye@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    10 months ago

    Not everyone have to check something. But there are people that do routinely check popular stuff, either on their own or for their job. Sometimes this raises issues, which are usually handled appropriately. Of course if you download a little unknown piece of software made by a single person and never advertised anywhere, you’ll have to do the job yourself. But anything semi-popular attracts enough attention to get some level of audit, at least because business uses a lot of open source. There are even businesses whose main product is auditing and developing open source, kind of like bounty hunters.

    And of course there are counter-examples, too. TrueCrypt got pulled out quite dramatically, and I’m not sure we know why even now. But the more sensitive the stuff, the higher the chance of it getting some level of investigation.