[toofy]

To echo a sibling comment, I think you may be discounting the time and effort it would take to monitor every change made and the ripple effects of each change.

One of the key pieces of open source is the larger a project, the more people will be incentivized to monitor the code for malicious changes. This distributes the burden to a much much larger pool therefore minimizing the burden to single nodes across the board.

Is it perfect? No, absolutely not. Do malicious or unintentional bugs slip through? Sure. But when it comes to scaled out projects, nothing is perfect and never will be. I certainly trust a large open project with years of reputation built up and a large user base significantly more than a large closed source project or large and open with no reputation.

There are of course valid criticisms of this model but I’ve yet to see an alternative put forward that isn’t fraught with its own issues.

I do find it strange how over the past few years we’ve seen a number of people who engage in a whiplash type behavior where they see minor problems with a model so they whiplash away into a far worse model with far more serious problems.