Latest frostwire for mac
12/26/2023

As for downloading the code and compiling it myself, this is safe in theory, but it’s really only safe if the code has indeed been vigorously reviewed, and no, this is not the case for the vast majority of OSS projects. So, regarding downloading binaries, I think downloading a digitally signed app from a well-known commercial company (the likelihood of such an app being a trojan is practically zero) is safer than downloading an unsigned OSS app from devs I never heard of from a mirror that I never heard of. So even if you don’t download binaries and only download code that you compile yourself, it’s most likely that that code hasn’t been reviewed at all (or possibly underwent merely cursory “reviews”), so again, there’s no guarantee that the code itself doesn’t contain malware. The idea that there’s massive code review going on guaranteeing security is a fallacy. Others do.” What “others”? The vast majority of projects on SourceForge are code reviewed only by the developers themselves, not by their “peers”. Regarding your comment, “I don’t personally check every line of code. And even this isn’t a guarantee if I don’t check the code myself (see below). To be *really* safe, I have to download the code and compile it myself (which I have NO desire to do). So there is a risk I must take when running the app because since the app isn’t digitally signed and it came from some mirror that I never heard of, there’s no guarantee that the app hasn’t been tampered with (injected with malware). And after doing so, I find that the app isn’t digitally signed. When doing so, I’m directed to a dozen or so mirror sites, most of which I’ve never heard of, and am directed to choose one of them from which to download the app. There’s also a risk that some third party tampered with the binary. It could be that the developer himself compiled spyware (or whatever) into the binary.
There’s no guarantee that the binary corresponds with the provided open source code. Regardless of whether a project is open source, if you’re downloading the binary, there’s a risk. So your argument isn’t related to the underlying platform. And one could download closed source software for Linux. Of course, one could download only open source software for Windows too. At least, a bit more than with closed source.” And no, I don’t personally check every line of code. You cannot be so sure about that in the Windows world. There’s this confidence because these applications are open source and maintained by a well known group of developers.