I absolutely could. That doesn’t change my stance on this software.
The code hidden in xz was also publicly available and didn’t get caught. So much for open source making all things safe just by being open source. And that was a high value target. Imagine what happens (or could) on a smaller scale.
Honestly now, are you reading code of a nice project You want to spin up in a docker to try out? I don’t. I check the project and the stars/engagement. If it goes any further I check who is involved in it and that’s about it.
Yeah, I had a Android application installed recently which strangely enough tried to reach my vaultwarden DNS? That sounded sketchy AF and just blocked it, removed it and cleaned every trace of it…
It’s open source, so you can read the code.
I absolutely could. That doesn’t change my stance on this software.
The code hidden in xz was also publicly available and didn’t get caught. So much for open source making all things safe just by being open source. And that was a high value target. Imagine what happens (or could) on a smaller scale.
Honestly now, are you reading code of a nice project You want to spin up in a docker to try out? I don’t. I check the project and the stars/engagement. If it goes any further I check who is involved in it and that’s about it.
Yeah, I had a Android application installed recently which strangely enough tried to reach my vaultwarden DNS? That sounded sketchy AF and just blocked it, removed it and cleaned every trace of it…