Would you trust an open source software maintained by a developer who you disagree with politically (or otherwise don't like the developer)?
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
wrote last edited by [email protected]Yes because it can be verified by others even if you don't understand
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
It depends:
If the software is neutral regarding the poitical topics, then yes of course.
I know one who makes "opinionated software" and says so, openly. If I would strongly disagree, then I would probably not trust the software. Fortunately I agree with his opinion
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
Lemmy is exactly that for a lot of people, the developers are quite controversial.
Obviously most users are not installing the software from those developers on their personal machines, but serving a federated instance certainly involves doing so.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
I'm assuming this is a dig at Lemmy? The author is a tanky, the software is Janky and we are all having a fun time anyways.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
I would probably trust but depending on the issue, I might just refuse to run it on my machines on principle. Just like how I wouldn't want to hang one of Hitler's paintings on my living room wall no matter how good it might be.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
Would you drive on a road made by nazis? Your life literally depends on the quality of the road, but where does political ideology come in to this equation?
With software though, different things are at stake, but how will ideology affect the quality? I think it does have a effect on features and how the project is run, but isn’t quality a mostly separate area?
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
I'm going to guess not everyone who runs a lemmy server agrees with the maintainer's politics
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
I moved off of lemmy because I didn't want to use software made by a tankie, so no.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
You are not supposed to trust anyone who doesn’t have a duty of providing trust. It is why companies like Red Hat, canonical and Novell were paid billions; they did the reviews and provided support. Yes, some distributions try to provide some of that (like Arch, Debian, etc) but only for core packages (everything else is just the Wild West and it could be malware again)
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
You use so much open source software--often indirectly--that it's almost impossible to avoid every asshole with an opinion.
That said, there is one dev where I disagreed with his actions so much that I actively avoid his stuff. It's not really political, but he's one of those devs who can do incredible work on his own, but has the social skills of a moldy sandwich. You may have used his work in the past indirectly, as his event library (libev) used to be the basis for Node.js. (The Node.js devs moved elsewhere many years ago due to technical issues such as Windows compatibility).
Anyways, he had a Perl event library known as AnyEvent. It has a bit of a weird, inside-out interface compared to most other event libs, but it works really well once you get the hang of it. The problem that came up was that he didn't like the way a certain extension module used AnyEvent. He threw a tantrum and had AnyEvent detect if that extension was loaded, and
die()with a big error message about his personal opinion on the matter. This broke perfectly functioning systems when they upgraded AnyEvent.That's when I stopped using his stuff and urged my coworkers to do the same. Can't risk that time bomb going off. Wasn't a small matter, either, as he also wrote the most common way to parse JSON on Perl.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
Depends heavily on application (access required, sensitivity of data handled, etc) and nature of disagreement as it pertains to trustworthiness.
Example A: I use Lemmy even though I disagree politically with the original devs because the design appears sound and it doesn’t require access to sensitive data.
Example B: I won’t use anything from the Proton Foundation because the founders’ personal comportment and political leanings have led me to suspect that they intend to sell user data.
-
I moved off of lemmy because I didn't want to use software made by a tankie, so no.
Does it make much difference when your still federalised?
If you had not mentioned it i would be unable to tell that you are not on lemmy, i also believe your comments and interactions are still getting indexed by lemmy instances and help their growth.
That said, your instance is alluring to me.
I didn’t know about piefed till now, how big of a switch/change would it be?
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
If it has lots of independent eyes on the code and provides a service I need and can't find a superior solution to, sure, as I will not be needing any services that disagree with my political opinions and as long as I'm not financially supporting said developer.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
Yes.
Whether you'd boycott it is another thing.
-
Yes because it can be verified by others even if you don't understand
Everyone else, in unison: "yes, someone else will say something if this is a bad program"
Someone Else
: wind gently blowing, as a tumbleweed goes by -
I'm assuming this is a dig at Lemmy? The author is a tanky, the software is Janky and we are all having a fun time anyways.
Not really directed at Lemmy.
I was thinking about the time Louis Rossman (who used to advocate for using Graphene OS) said he stopped using GrapheneOS because he didn't trust the former lead dev.
Also: https://en.wikipedia.org/wiki/XZ_Utils_backdoor comes to mind.
-
Lemmy is exactly that for a lot of people, the developers are quite controversial.
Obviously most users are not installing the software from those developers on their personal machines, but serving a federated instance certainly involves doing so.
I don't "trust" tankies, because no authoritarian can ever be trusted, nor do I trust lemmy. I just prefer to vote with my content/wallet, and Reddit showed the world they don't deserve their user base, or any of their content.
This is an open non-profit platform anyone can scrape. That's good enough for me, until something with a better value proposition comes along.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
open source is safe.
even non-technical people can learn how to look at issues on Github (or wherever the code is kept).
it's like restaurant reviews: if there are dozens of people saying they got malicious food, then you have reason to be careful, even if you don't understand why the food is malicious.
caveat: if the code is open source but no one has had time to review it, it's potentially dangerous even if there are no issues yet. it takes time for people to review the code. and there should be multiple reviewers; there's always the chance that a single malicious developer has created multiple github users. Time is on your side here.
-
Depends heavily on application (access required, sensitivity of data handled, etc) and nature of disagreement as it pertains to trustworthiness.
Example A: I use Lemmy even though I disagree politically with the original devs because the design appears sound and it doesn’t require access to sensitive data.
Example B: I won’t use anything from the Proton Foundation because the founders’ personal comportment and political leanings have led me to suspect that they intend to sell user data.
While I am... suspicious of what the CEO (?) has spouted recently, I am unaware of how that connects to user data. Can you ELI5/summarize/point me in a direction?
