undefined | Better HN

0 pointsyjftsjthsd-h3mo ago0 comments

My point was more that there's plenty of software that is not FOSS and is also not published by an identifiable legal entity, traditionally appearing as freeware/shareware for Windows/macOS. And even if there does appear to be some sort of legal entity (human or company), how many people are going to check that a company even exists on paper before installing the random .exe from its website?

0 comments

jqpabc1233mo ago

My point was more that there's plenty of software that is not FOSS and is also not published by an identifiable legal entity

Yes, installing any software of "unknown origin" is a gaping security hole --- whether FOSS or not.

The fact that some people do dumb stuff does not negate the fact that a lot (if not most) FOSS fits in this category. Anonymous maintainers and contributors is pretty normal operating procedure which equates to zero accountability.

The common retort is, "Well, the source is available for review". But as this example shows, this is a very weak indicator of security or safety. A review is often not done before (or even after) distribution --- and certainly not with a malicious actor in charge.

yjftsjthsd-hOP3mo ago

Okay, but your original claim was:

> Anonymity is the unique aspect of open source that opens the door for malicious activity without consequences.

If you'd like to amend to something like

> Anonymity, which is in play for most FOSS and a decent chunk of proprietary software, opens the door for malicious activity without consequences.

Then I wouldn't strongly disagree. I'm still a little skeptical, because people keep finding backdoors in non-FOSS software/firmware, of course, but it'd at least be a defensible claim. I'm only really objecting to the notion that this is unique to FOSS.

j / k navigate · click thread line to collapse