• Zangoose@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    5 months ago

    And turns out, everything that they give you in the package is actually third party! Meaning, stuff that has access to the lowest depths of your hardware, to stuff that you use to enter your bank details are all made by different people. So many people you have to put your trust into.

    And if that’s not enough, the people who compile it and send it to you might be totally different people from those who made the code!! What kind of heresy is this?

    You joke but I’ve met people that actually think like this

    • ulterno@lemmy.kde.social
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      5 months ago

      The reason for that being that all the points I have put are fully valid.

      The rest depends upon the persons inference.

      • Having a separate coder and a packager means there is a good chance that another person (the packager) is looking at the code.
        • And this other person is also most probably a separate entity, so if the coder is malicious, someone will know.
      • Then comes the point of the distro community being more open and fragmented, as compared to a corporation, that can keeps their members’ mouths shut using contracts and all

      • For the same thing, the pro corpo guys will say that they have a single entity to go to for any problems. And since they have a contract (which maybe a b2b client-provider contract), their interests match.
        • As opposed to some random chap on the internet, developing some Open Source thing as a hobby, purely for their own fun/ego/satisfaction.

      CC BY-NC-SA 4.0

      • Zangoose@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        5 months ago

        Your points about enterprise support are fair but I was more talking about people that believe that FOSS is inherently less secure than something closed source controlled by a single large company (i.e. security by obscurity which doesn’t actually work)

        Honestly I do agree in some ways support is better for enterprise products but at the same time companies could still use some sort of source-available license to promote transparency/security auditing while having the same control as a closed source product. It’s not FOSS but would definitely be better than having everything closed off