Except that if everyone assume that someone would have done the audit, it would also simply mean that no one have done it.
Just do a research on reddit or quora (or google ofc): there’s always the same kind of formatted response.
This is a foolish - if not dangerous - way of thinking.
Also worthy of a mention: you need to be so proficient in so many languages to be able to actually audit the code yourself. It’s simply infeasible.
deleted by creator
This whole comment chain is about how relying on the community to audit is a type of bystander problem. At least that’s how I understood it.
deleted by creator
Only if you check all of the code and only if you trust Microsoft that they don’t inject stuff in the Github binaries and only if you build it yourself every single time, as the project doesn’t feature reproducible builds.
deleted by creator
At least in repositories there are supposed to be maintainers. I also don’t really trust them, but there’s no reason to trust the ungoogled people more than the maintainers of your distribution.
The point is, you can trust nobody.
deleted by creator
That’s the point, nobody does. There is no proper audit. And I don’t trust random people to do the audit properly.
deleted by creator
Okay, I now trust some random people on the internet instead of the original authors of the software.
Are the authors not also random people on the internet?
deleted by creator
This is correct. You can’t trust all of the Linux developers either, which is why we have Linus Torvalds and other maintainers with a good track record overseeing things.
Do you not understand how software development works or do you just choose to ignore blatant problems with untrusted forks of popular software?
deleted by creator