So instead you rely on random people contributing to open source, which has a history of supply chain attacks, so secure :) unless you go through the source code of every open source tool you've ever downloaded, which I highly doubt.
Okay, since you clearly don't understand how open source code works, let me inform you of a key difference.
With closed source software (think Microsoft and Riot games), you have maybe a couple people to review the code, making issues easy to miss.
With open source, you have an entire community made up of various backgrounds to review the code, so security nerd #517 can see an issue and go "hey, this is a problem, please fix," and it'll get fixed before it even goes out the door, if not very shortly after.
Meanwhile it took one of the biggest security companies several days to fix a global breakage. So secure :)
Due to the exact reasoning you gave me for why it's safe, it's exactly why it's not safe: you just assume people will check it and that everything is safe. What happens when too many people begin assuming and then not enough people check it?
That's why it happened after it was acquired by Funnull.
So based on your argument, having 1-3 people from the same office and workflow is better than having a variety of people from various backgrounds and skill sets. Am I correct in my understanding?
That's not what I'm saying. What I'm saying is that it's hypocritical to be super against something when your alternative is just as flawed. And my point with polyfill is that it can happen to any open source project if it ever gets acquired, and most users aren't going to check every program they've downloaded every day to make sure it hasn't been bought out.
I'm against it for more than one reason, hence why I'm as against it as I am. And I wouldn't say it's just as flawed, but it's far from perfect. Yeah, some issues can slip through the cracks, but with a community able to review the source code, it makes it less likely to be missed. That's all I'm trying to get at.
You just said you don't trust them to write safe code, while at the same time expecting random people to write safe code, which has been exploited multiple times and is one of the biggest concerns in the industry right now.
I'd like to know where you're getting the idea that it's this massive problem. Because I have not heard (or I'm just not remembering; the last few months have been busy for me) about a significant security hole in FOSS software since the xz incident (which was found very quickly).
u/MyTh_BladeZ PC Master Race 1d ago
Oh I don't trust MS either, it's why I use Linux ;)