this post was submitted on 25 Oct 2023
2270 points (99.2% liked)
Programmer Humor
32560 readers
280 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This one is debatable. Without expert eyes, open source code doesn’t do much to guarantee safety. Expert eyes aren’t necessarily expensive, but for non-super-popular projects, they are hard to entice. Can you spot a cross site request forgery attack vector at a glance? Have you used open source software without checking for this specific attack vector in all relevant code? So, as stated, this is basically true.
This is true. You need those experts from point one to check if contributed code introduces security vulnerabilities. Code is work^2. Work to write and work to review. (Also work to maintain, so work^3, but whatever.)
This seems false, but is phrased super oddly. I mean, nothing lasts forever, so sure, but open source code is essentially available for as long as someone is interested in it enough to preserve it, so I would generally disagree.
This is unambiguously true. I maintain several fairly popular open source libraries, and they take work. I also see the benefit in maintaining them as open source projects, but that is my own discretion, as a fan of open source software. If I were more worried about profit, I could definitely see this as a barrier to releasing my code as open source, considering I need to pay those engineers for the work they do just maintaining the project as an open source project.
This is also not to be confused with a source-available project, where the source code is freely available, but not necessarily under an open source license, which can be much easier to maintain.