5
Ederbit
6y

Let's assume I want to use software X. I notice software X is open source.

How do I validate that said software doesn't do shady stuff?

Is there some kind of platform which lists the audits of each software or alerts the internet if shady stuff happens?

I know about alternativeTo.net, where you can find software alternatives with licensing filters. (Which is great btw) but I'm missing proper validation of open source software...

Comments
  • 1
    Look at the source code, particularly anything that executes processes or calls out to a server
  • 5
    If you don't want to read the source code, you can take the usual black box approach. Tcpdump, netstat, strings, strace, debugger... You know, the real difference is that you are legally allowed to check this stuff with open source software. Commercial software EULAs treat reverse engineering attempts as illegal.
    This was one of the reasons the open source movement was founded by Richard Stallman.
  • 1
    Have a look at this paper, it's a classic.

    https://win.tue.nl/~aeb/linux/...
  • 2
    @mt3o woah. I have rev. engineered a few commercial software recently. Did know that this is illegal. "As long as I am not modifying it for the bad, I should be fine" was my motto. But damn...
  • 0
    @-ANGRY-CLIENT- EULAs are tricky.. but how would they know? 😉
  • 0
    @segfault0xff That's quite hard, isn't it? A million lines of code and somewhere is a backdoor. I wouldn't trust me to notice it.
  • 3
    @-ANGRY-CLIENT- it doesn't matter if for good or bad.

    Did you know that you are not allowed to design weapons of mass destruction on Apple computers? EULAs prohibit that.
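The first comment's advice (read anything that executes processes or calls out to a server) can be turned into a triage pass that tells a reviewer which lines to open first. This is an added example, not part of the thread; it assumes software X is written in Python, and the `SUSPECT` list, function names and sample file are constructed for illustration.

```python
import ast

# Calls a reviewer should read first. Illustrative list, not exhaustive.
SUSPECT = {
    "process": {"os.system", "os.popen", "subprocess.run", "subprocess.Popen",
                "subprocess.check_output", "eval", "exec"},
    "network": {"socket.socket", "socket.create_connection",
                "urllib.request.urlopen", "requests.get", "requests.post"},
}

def dotted_name(node):
    """Rebuild 'a.b.c' from Attribute/Name nodes; None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def audit_source(source):
    """Return sorted (line, category, qualified_call) for each flagged call."""
    tree = ast.parse(source)
    aliases = {}  # local name -> qualified name, so 'import x as y' cannot hide a call
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                aliases[a.asname or root] = a.name if a.asname else root
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    findings = []
    for node in ast.walk(tree):
        name = dotted_name(node.func) if isinstance(node, ast.Call) else None
        if name:
            head, _, rest = name.partition(".")
            full = aliases.get(head, head) + ("." + rest if rest else "")
            findings += [(node.lineno, c, full) for c, s in SUSPECT.items() if full in s]
    return sorted(findings)

# Constructed sample standing in for one file of "software X".
SAMPLE = '''\
import subprocess as sp
from urllib.request import urlopen
def update():
    data = urlopen("https://example.invalid/v").read()
    sp.run(["tar", "-xf", "update.tar"])
'''
if __name__ == "__main__":
    print(*audit_source(SAMPLE), sep="\n")
```

A pass like this only narrows where to read; calls reached through `getattr`, dynamic imports or native extensions will not appear, which is where the black-box tools mentioned in the second comment come in.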