• fireshell@lemmy.ml
    link
    fedilink
    English
    arrow-up
    16
    ·
    1 month ago

    by this logic it turns out that the code quality control system is built in such a way that if someone has malicious intent and wants to add malicious code, but is not affiliated with dubious structures, then he will easily succeed? Hey, what about enough eyeballs and shallow bugs?

    • MrAlternateTape@lemm.ee
      link
      fedilink
      arrow-up
      1
      ·
      1 month ago

      I do agree that quality control should catch things, but we are all human and we don’t catch a 100%. So if quality control is flooded with too much things to catch, the chance of one slipping by increases.

      Also, a lot of FOSS is based on volenteers, do we just ask those people to put in more hours? Who is responsible anyways if something makes it through and actually causes damage to something or someone?

      I find the decision quite reasonable. You at least filter out the party most likely to pull something shady. We should still be very careful, but it takes away some the work.