Would you trust an open source software maintained by a developer who you disagree with politically (or otherwise don't like the developer)?

deathbybigsad@sh.itjust.works

Not really directed at Lemmy.

I was thinking about the time Louis Rossman (who used to advocate for using Graphene OS) said he stopped using GrapheneOS because he didn't trust the former lead dev.

Also: https://en.wikipedia.org/wiki/XZ_Utils_backdoor comes to mind.

whatamlemmy@lemmy.world

I don't "trust" tankies, because no authoritarian can ever be trusted, nor do I trust lemmy. I just prefer to vote with my content/wallet, and Reddit showed the world they don't deserve their user base, or any of their content.

This is an open non-profit platform anyone can scrape. That's good enough for me, until something with a better value proposition comes along.

stinky@redlemmy.com

open source is safe.

even non-technical people can learn how to look at issues on Github (or wherever the code is kept).

it's like restaurant reviews: if there are dozens of people saying they got malicious food, then you have reason to be careful, even if you don't understand why the food is malicious.

caveat: if the code is open source but no one has had time to review it, it's potentially dangerous even if there are no issues yet. it takes time for people to review the code. and there should be multiple reviewers; there's always the chance that a single malicious developer has created multiple github users. Time is on your side here.

wreckedcarzz@lemmy.world

While I am... suspicious of what the CEO (?) has spouted recently, I am unaware of how that connects to user data. Can you ELI5/summarize/point me in a direction?

lukaro@piefed.zip

I choose not to do business with anyone who's too vocal about their political disagreements. I'm paying you for your services not your opinion so shut up!

autonomoususer@lemmy.world

'Open source' is a deliberately ambiguous phrase, engineered to derail libre software.

jubilationtcornpone@sh.itjust.works

One my neighbors is a highly skilled craftsman. I dont use that label loosley. I'm a very competent DIYer but his work is in a class above mine. He built a metal railing around his deck and it is immaculate. Clearly constructed by someone with years of welding experience and a keen eye for detail.

We don't really talk politics but I know for a fact that there are at least a few things we disagree on.

That said, I would absolutely hire him to fabricate something for me if I needed it. I really doubt he does his day job because of his political beliefs. I assume he takes a lot of pride in his work and would do the same quality job for me as he would for anyone.

It's a serious error to constantly try to distill people down to their politics. That's a divisive tactic intended to devalue and dismiss "the other side." Whoever that happens to be at the moment. Don't misunderstand what I'm saying. Politics are important and the way our governments and societies operate affects all of us.
But, people are complex and multi-faceted beings with a wide variety of experiences that shape who we are. Our lives are highly contextual and consequently, so are our dealings with others.

frightful_hobgoblin@lemmy.ml

Is the political disagreement around surveillance or something related?

frightful_hobgoblin@lemmy.ml

The whole entire point of free software is trustlessness.

_thebrain_@sh.itjust.works

jdupes: it's great software. The author left GitHub not because of Microsoft, but because he refused to implement 2fa on his account, which GitHub made mandatory.

chunes@lemmy.world

I've installed thousands of programs on my systems over the past 30 years. Closed source, open source, you name it. Never had a single problem.

Trusting software is such an overblown hangup that people have. Even if it bites me in the ass someday, so what? I'll roll back, reformat, do whatever I have to do. It'll have been worth it.

snoons@lemmy.ca

In this situation, any closed source developer/project manager would never disclose such issues, if they caught them at all.

I trust open source code a hell of a lot more then close sourced stuff because anyone can look at it/test it and see if somethings fucky.

eheran@lemmy.world

You always have to trust others. If a key person can not be trusted anymore, the option to constantly check the code is not really an option.

rodgegrabthecat@sh.itjust.works

Sure. Brave and GrapheneOS are two that I trust but have misgivings about their project heads.

gigachad@piefed.social

I made the switch some weeks ago and can only speak of my experience using Voyager: The switch was flawless.

omegalemmy@discuss.online

I already do, I disagree with a lot of foss devs

muntedcrocodile@hilariouschaos.com

Whenever I download or run some foss software I always read through 1 random file to ensure no dodgyness is happening in that 1 singular file. I'm doing my part.

anothernobody@lemmy.world

Not when it comes to anything important like work or other sensitive data.

masterspace@lemmy.ca

The developer is kind of just a sack of shit. I'm 90% sure Lemmy development is funded by either Russia or China, and I suspect Russia.

mudman@fedia.io

I presumably already do. Am I expected to know every single maintainer of every single piece of software I boot up? That is a LOT of homework to run an application.

Genuinely can't tell if this a real question or some weird reductio ad absurdum thing on the not separating art from the artist trend in modern society.