cross-posted from: https://lemmy.ml/post/30846701
The question is simple. I wanted to get a general consensus on if people actually audit the code that they use from FOSS or open source software or apps.
Do you blindly trust the FOSS community? I am trying to get a rough idea here. Sometimes audit the code? Only on mission critical apps? Not at all?
Let’s hear it!
I don’t have the fluency to detect vulnerabilities or memory leaks. I wish I did, and I’m trying to learn. Being self-taught is hard work.
But I can read bug reports and get the hint. And I check upstream sources to make sure projects are still under active development. Even occasional maintenance is better than nothing.