Conversation

    ✨buff dog himbo✨ (itsmeholland@mastodon.social)'s status on Sunday, 31-Mar-2024 08:23:25 JST

    @astraleureka I'm sorry, I thought the entire point of "open source" was that it's vastly easier to audit than closed source/most proprietary software. Isn't the discovery of this backdoor a good thing, because it means the open source model is working? (To catch threats and weaknesses in a collaboratively developed system?)

    Maybe I'm underinformed, but if it took a long time to be discovered then maybe the FOSS community needs to be more aggressive & thorough with auditing FOSS software. 🤷

      Wolf480pl (wolf480pl@mstdn.io)'s status on Sunday, 31-Mar-2024 08:24:11 JST

      @itsmeholland @astraleureka
      It's not that it took long to discover, it's that it took an incredibly lucky coincidence, and a mistake on the attacker's part.

      There could be 50 more backdoors like this that we don't know about and there's no reason for them to be caught.

      Part of the problem is that some parts of open-source software (e.g. build scripts) are often hard to audit despite being open-source (this is fixable).

      Another part is that an insufficient number of people want to audit software.


GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.