cross-posted from: https://lemmy.ml/post/30846701

The question is simple. I wanted to get a general consensus on if people actually audit the code that they use from FOSS or open source software or apps.

Do you blindly trust the FOSS community? I am trying to get a rough idea here. Sometimes audit the code? Only on mission critical apps? Not at all?

Let’s hear it!

  • marcie (she/her)@lemmy.ml
    6 days ago

    Occasionally. Not big projects like Krita. I regularly check apps with Wireshark, most apps should be entirely offline. I also turn off internet access with Flatseal.

      • marcie (she/her)@lemmy.ml
        5 days ago

        it's a packet and internet analyzer, i'm mostly concerned with security issues so i constantly check packets on outgoing connections. for apps where the internet is unimportant i disable their ability to access the internet. the vast majority of security issues are solved by preventing internet access.

        occasionally a small project shows up on my radar. usually it's an alternative frontend for discord, youtube, etc that has not stellar security but much better than what youtube or discord gives you out of the box. i've submitted maybe 1000 detailed security issues on github to small open source projects, many have been implemented 🤓

        • SpicyColdFartChamber@lemm.ee
          5 days ago

          Oh I was looking for one for PC.

          I quite enjoy this ability to disable internet access on Android with NetGuard and TrackerControl.