As a packager, I totally relate to this: we generally don’t have the resources to follow the upstream development of the projects we rely on, let alone audit all the changes they make between releases.
Open source software still has security advantages — we can communicate directly with the maintainers, backport security fixes and immediately release them to users, fix bugs that affect the distribution, etc. — but I agree that it’s not a silver bullet.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
Rules:
Be civil and nice.
Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
As a packager, I totally relate to this: we generally don’t have the resources to follow the upstream development of the projects we rely on, let alone audit all the changes they make between releases. Open source software still has security advantages — we can communicate directly with the maintainers, backport security fixes and immediately release them to users, fix bugs that affect the distribution, etc. — but I agree that it’s not a silver bullet.