[SOLVED] FOSS Philosophical Question


Post by Ezee1015 »

Hi! Here's a noob. Recently, Clem posted that Warpinator is now available on Android by an independent developer (and that program is, obviously, open source). Then one question came to my mind: I understand that the Warpinator application for the cell phone is Open Source Software, but how do I know that the developer has not put "other things" in it when they compiled it for the Play Store? Not that I disparage the project or the developer. I love the project and congratulate everyone who made it possible. But what I say goes beyond this project, to all open source pre-compiled software, be it .apk or .deb or .appimage. How can I know, or what certainty do I have, that when installing the pre-compiled one it does not bring "other things" when I download it from GitHub or another source, like the official website or an application center of any kind (like Mint has in its own OS, for example)? Still, beyond this question, I much prefer FOSS to proprietary software, obviously. I know that I can read the code (and even compile it, but I don't know how to do it sometimes, and the first and last thing that I compiled didn't work. Anyway, that is another story), but to make it faster and not complicate things too much, when it's possible, I download it pre-compiled. That is my philosophical question. Thank you very much to all and greetings!!

PS: By "other things" I mean some kind of malware or things that weren't in the original open source project.
"The difference between Windows and a virus is that the virus is free."
-------------------------------
"A computer is like air conditioning - it becomes useless when you open Windows" ~ Linus Torvalds

Post by rene »

Feel it a more practical than philosophical question. I.e., the same question as to safety holds for any and all binary distribution (-platforms), be it binary distribution of closed or open source software.

The (more or less so) practical difference between the two categories in this context is only the latter's ability to be reviewed and also compiled by you or someone else you trust, given competence, or at least rely on some trusted community member with the necessary competence existing and keeping tabs. In the context of e.g. the Ubuntu/Mint repositories it's "more so" as it's particularly easy to recompile that which it distributes; in the context of the Google Play Store I expect (but do not know) this to not in fact be much harder given competence developing and distributing Android apps. And then there's of course also the issue of you potentially trusting those that populate your distribution's repositories more than e.g. Google in the first place.

What your question seems to imply is that you view verifiability in that malware sense to be a/the prime characteristic of open source and that is not a widely shared view. Open collaboration is the primary characteristic, as per e.g. https://en.wikipedia.org/wiki/Open-source_model. Haven't read the full article and it may mention easier verifiability as well because, yes, certainly it's a difference with closed source, but it's not primary. Just an additional perk...

Post by Ezee1015 »

Now I understand. I've always had this doubt. Thanks a lot!!

Post by t42 »

Ezee1015 wrote:
Tue May 04, 2021 8:54 am
how do I know that the developer has not put "other things" on it when they had compiled for the Play Store?
If it really is the case you are on your own.
1. Apps may be designed to be clean at the time of installation and later add hidden malicious features during regular update.
2. Developer may sell ("transfer") their app in good faith to some entity. Said entity will add hidden malicious features during the update. Being 'sensibly paranoid' you can systematically monitor change of the app owner in Play Store.

Example of how app transfer went wrong
-=t42=-

Post by Ezee1015 »

I understand... Thank you all very much!!!