Kevin@lemmy.world to Programming@programming.dev • Dumb question: how do I know if an open source project is trustworthy?
6 months ago
I look at the contributors on GitHub and check them out. I’ll check out what else they’ve worked on and maybe see if they have an account on Mastodon or Twitter. Maybe I’ll ask some friends if they’ve used or heard of the product, or know of the devs.
There is indeed malware disguised as OSS and you do sometimes have to vet them. I’ll skim the codebase and see if there’s anything that looks weird or funky, but that’s not perfect (like in the case of the xz) and some stuff can slip by.
I’m a scrub that pays for YouTube Premium and I’ve also been running into songs and videos that just don’t play recently because I’m using uBlock Origin.