Trust issues !!! #32

Open
summa-code opened this issue Apr 12, 2024 · 1 comment

summa-code commented Apr 12, 2024

With the recent incident with XZ Utils in Linux, how do we trust the contributing authors? Not questioning the authenticity of the original author, but not sure about the other contributors.

@summa-code summa-code changed the title Trust issues Trust issues !!! Apr 12, 2024
@mario4tier
Member

Thanks for your confidence, but you should not trust me either 😄

My GitHub account could be hijacked, etc...

A few pieces of relatively good news with TA-Lib:

  • 100% open-source and can independently be audited.
  • Can be verified to NEVER do any network access.
  • Generated code (and test) to mitigate human error (with array/buffer overflow).
  • Development is moving at turtle speed (if at all), so changes are easy to track.

Opinion

I think the bigger problem is NOT with open-source projects.

Guaranteeing a completely secure developer setup is hard. Example:

VSCode add-ins are blindly giving 100% access to the host... and many of these add-ins are closed source.
