Professional audits happen for big projects, and hobbyists audit the programs they use frequently. In addition, some projects adhere to the reproducible builds guidelines, which ensures the packages you’re receiving are identical to the upstream repo. There’s more work to be done in formalizing and automating these processes, but this isn’t a major issue by any means.