this post was submitted on 25 Oct 2023
2236 points (99.2% liked)

Programmer Humor

I'm trying out Obsidian for taking notes, and this made me laugh.

[–] hperrin 5 points 1 year ago* (last edited 1 year ago)
  • Open source doesn’t guarantee safety without specific (and expensive) third party audits.

This one is debatable. Without expert eyes, open source code doesn’t do much to guarantee safety. Expert eyes aren’t necessarily expensive, but for non-super-popular projects, they are hard to entice. Can you spot a cross site request forgery attack vector at a glance? Have you used open source software without checking for this specific attack vector in all relevant code? So, as stated, this is basically true.

  • Open source doesn’t mean faster development. Code review often takes longer than development.

This is true. You need those experts from point one to check if contributed code introduces security vulnerabilities. Code is work^2. Work to write and work to review. (Also work to maintain, so work^3, but whatever.)

  • Open source projects don’t last forever.

This seems false, but is phrased super oddly. I mean, nothing lasts forever, so sure, but open source code is essentially available for as long as someone is interested in it enough to preserve it, so I would generally disagree.

  • Open source requires a lot of extra effort, and the developers would rather put that effort into the app itself.

This is unambiguously true. I maintain several fairly popular open source libraries, and they take work. I also see the benefit in maintaining them as open source projects, but that is my own discretion, as a fan of open source software. If I were more worried about profit, I could definitely see this as a barrier to releasing my code as open source, considering I need to pay those engineers for the work they do just maintaining the project as an open source project.

This is also not to be confused with a source-available project, where the source code is freely available, but not necessarily under an open source license, which can be much easier to maintain.