by jollybean 1420 days ago
What is the difference between a 'random' and 'non random' repo?

The whole point of 'Open Source' is that we can use code which might otherwise be a bit 'random'.

It's not 'Institutionalized Open Source' it's just 'Open Source' i.e. we're not all Torvalds.

So, credibility etc. is a very fickle thing. Otherwise, this is a serious security issue and we really don't have answers.

We used to think about code as 'logic that works', but now we have other criteria. I wonder if our FOSS models need to adapt a bit.

1 comment

It's a good point actually.

I suppose the message is "read the code you're using" but that is hard for big libraries and frameworks.

Obviously, using someone's code when they are impersonating someone else is a big red flag.

Reading the code for functional integrity is already a big deal, but having to sleuth around for the sneaky hacks? No way.

I don't know what the answer is, but the model has to be changed.