this post was submitted on 25 Apr 2025
28 points (85.0% liked)


Something I've wondered. One of those "too good to be true, it probably is" type things. With all the FOSS, especially for Linux, installing package after package because a web search said it would fix your problem, how is it Linux isn't full of malware and such?

I'd like to understand better so I can explain to others who are afraid of FOSS for those reasons. My best response is that since it's open source, people can see what it's doing and would right away notice something malicious. I wouldn't, since I'm not that into code, but others would.

[–] Kazumara@discuss.tchncs.de 7 points 9 hours ago

Well the packages from the default repo are vetted by your distro maintainers. So if you just install a package from your distro's repo you're still relying on the security of your distro.

If you go outside of that, either to get a FOSS package that wasn't packaged for your distro, or to get a non-FOSS package, you have to do your own due diligence, just as when you're downloading a third party package for Windows or macOS. Either by reputation or by finding someone trustworthy who has actually checked the code.