I for one am going through quite a culture shock. I always assumed the nature of FOSS software made it immune to be confined within the policies of nations; I guess if one day the government of USA starts to think that its a security concers for china to use and contribute to core opensource software created by its citizens or based in their boundaries, they might strongarm FOSS communities and projects to make their software exclude them in someway or worse declare GPL software a threat to national security.

    • Crashumbc@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      2
      ·
      9 days ago

      One of the big weaknesses of open source is the same as democracy. Nobody has time to review every piece of code (or research and hold accountable every politician) which leads to risks.

      • digdilem@lemmy.ml
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        9 days ago

        How is that weakness different to installing closed source software?

        • Crashumbc@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          8 days ago

          It’s a different risk vector. While companies want your information to sell, they don’t want to take over your computer to use it in a bot net or steal your bank information and clean out your account.

          Open source by it’s very nature relies on a lot of people having good intentions, free time, and knowledge for it to work well and safely.

          • digdilem@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            ·
            8 days ago

            Actually - a lot of closed source programs are still vulnerable to the supply chain attacks you mention where a bad actor has got access to their codebase. This has happened and been reported on, plus I’m sure, plenty of occasions where it was hushed up for reputational reasons. And - much commercial software still uses FOSS dependencies, so is also vulnerable to the same situation you describe for that. Worst of both worlds.

            I don’t think either system is inherantly better than the other in terms of computer security. Each has different and overlapping vulnerabilities.

      • Nytixus@kbin.melroy.org
        link
        fedilink
        arrow-up
        1
        ·
        8 days ago

        And it’s why people stress to death that documenting is important. Even if you may not have time to review every single code, it wouldn’t hurt to leave footnotes as to where someone could take said code to pick up from where it left off.

        If you leave somebody with nothing then it’s dead code.

        • Crashumbc@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 days ago

          Absolutely that’s always good. I was talking more about someone intentionally adding malicious code though.