this post was submitted on 13 Oct 2024
37 points (89.4% liked)
Opensource
1325 readers
6 users here now
A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!
⠀
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
We appreciate your concern about the security of our software, but we don't have plans for a security audit at this time. Our open-source approach and commitment to secure coding practices are sufficient to ensure the security of our software.
As an open-source project, our code is available for anyone to review and audit. If you're tech-savvy and concerned about security, you're welcome to dive into the code and verify our claims for yourself.
We're a team of experienced developers who are passionate about creating secure and reliable software. We're asking that you trust us to do the right thing. We've earned that trust through our hard work and dedication to our craft. We're not perfect, but we're always striving to improve.
We believe that our approach is effective, and we're not going to divert resources to a security audit that we don't think is necessary. We hope you can understand and respect our decision.
Please explain and answer the concerns as voiced by the community ; without more detail man can think your are a troll, a bot, or someone generated this answer using GentAI tools.
Your answer is not accurate as it does not bring useful details to the community which have legitimate concerns.
In addition the mentioned GitHub repository in a first sight does not contain mandatory files like CONTRIBUTING or SECURITY which does not help user be confident and have less concerns. Moreover, as the reproducibility of builds is not easy to prove event for FLOSS projects, you cannot rely on that point about open source approach. It does not seem that you are using either Dependabot, Renovate or Snyk to ensure the security of the software.
You should really bring details and make the community less worried and more confident instead of bringing that type of answers.
Next ones of that type might be removed ; the community is not dedicated to open source washing.