

Keep in mind that just because an application is open source doesn't mean it's safer. If nobody checks its code for bugs or malware, it could be worse than other software.

----

We have so many questions that are making us feel a bit uneasy: ❓

In what ways can you be certain that a particular open-source software solution is secure?

What factors do individuals with an IT background consider when making decisions about open source software safety?

Certain open source software solutions have extensive code bases. Consequently, it would require a significant investment of time to verify the absence of bugs or malicious code. 🐞 ☠️

That said, even those who can understand code may not always have the time or energy to investigate every piece of software they install. So what are their criteria for endorsing a particular piece of software whose code they haven't analysed? 🧭

And what tips do you have for people who aren't developers, to help them make the best choices when they can't understand the code? Who can they trust?

#opensource #cybersecurity
I think the crucial parts are looking at its components, dependencies, size and, for apps, permissions. #ReproducibleBuilds, for example, are important, so the actually released source code is what people actually get served as the basis. Plus, in terms of #security, choose *real* #E2EE with #SelfCustody of all the #Keys!
That's true, open source doesn't always mean the best solution.

Checking reproducible builds looks a little bit complicated, but it would be great if we could do it easily! 🤔
@monocles It's true that #Conversations and its fork #MonoclesChat are reproducible today, yet they were not set up like this historically (signed by F-Droid). While we push for reproducible builds, these are not a must, but an extra check of trust.

https://f-droid.org/docs/Inclusion_How-To/#reproducible-builds
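The replies above describe the idea of a reproducible-build check without showing what it looks like in practice. The following is an added illustration, not code from the thread's participants or from F-Droid's tooling: it rebuilds nothing itself, but shows the comparison step, i.e. taking a locally built (unsigned) APK and the APK a store actually serves, ignoring only the entries that carry the signature, and reporting every other entry whose contents differ. The APK contents are constructed in memory for the example; `is_signature_entry` only recognises the classic v1 (JAR-style) signature files under `META-INF/`, which is a simplification, since newer APK Signature Scheme v2/v3 signatures live in a separate signing block and real tooling (e.g. `apksigner`) handles them differently.

```python
import hashlib
import io
import zipfile

# v1 (JAR-style) signature files. They differ by design between a locally
# built, unsigned APK and the signed APK a store publishes, so they are the
# only entries a reproducibility comparison is allowed to skip.
# Assumption for this example: only v1 signature entries are considered.
SIGNATURE_PREFIX = "META-INF/"
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", "MANIFEST.MF")


def is_signature_entry(name):
    """True for META-INF/MANIFEST.MF, META-INF/*.SF and META-INF/*.{RSA,DSA,EC}."""
    return name.startswith(SIGNATURE_PREFIX) and name.upper().endswith(SIGNATURE_SUFFIXES)


def entry_digests(apk_bytes):
    """Map every non-signature zip entry to the SHA-256 of its uncompressed contents."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if is_signature_entry(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_builds(local_apk, published_apk):
    """Return (reproducible, report): report lists every entry that is missing
    on one side or whose contents differ. An empty report means the published
    APK contains exactly what was built from the published source."""
    local = entry_digests(local_apk)
    published = entry_digests(published_apk)
    report = []
    for name in sorted(set(local) | set(published)):
        if name not in local:
            report.append(f"only in published: {name}")
        elif name not in published:
            report.append(f"only in local build: {name}")
        elif local[name] != published[name]:
            report.append(f"content differs: {name}")
    return (not report, report)


def make_apk(entries):
    """Constructed sample: build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample contents (not a real app). The "signed" variants add the
# v1 signature files a store would produce when signing the developer's build.
_APP_FILES = {
    "AndroidManifest.xml": b"<manifest package='org.example.app'/>",
    "classes.dex": b"dex\n035\x00" + b"\x00" * 16,
    "res/values.arsc": b"resources",
}
_SIGNATURE_FILES = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "META-INF/CERT.SF": b"Signature-Version: 1.0\n",
    "META-INF/CERT.RSA": b"\x30\x82\x00\x00",  # placeholder, not a real PKCS#7 blob
}

LOCAL_UNSIGNED = make_apk(_APP_FILES)
PUBLISHED_SIGNED = make_apk({**_APP_FILES, **_SIGNATURE_FILES})
# Same signature files, but the shipped code does not match the source build.
PUBLISHED_TAMPERED = make_apk(
    {**_APP_FILES, "classes.dex": b"dex\n035\x00" + b"\x41" * 16, **_SIGNATURE_FILES}
)


if __name__ == "__main__":
    for label, published in (("clean", PUBLISHED_SIGNED), ("tampered", PUBLISHED_TAMPERED)):
        ok, report = compare_builds(LOCAL_UNSIGNED, published)
        print(label, "reproducible" if ok else "NOT reproducible")
        for line in report:
            print("  ", line)
```

The check is only as strong as the rebuild feeding it: if the local build itself is not deterministic (embedded timestamps, build paths, non-deterministic resource ordering), the comparison will flag differences that have nothing to do with tampering, which is why the thread's participants describe reproducibility as an extra layer of trust rather than a substitute for reviewing dependencies and permissions.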