Audio production on Linux, using proprietary audio plugins, is somewhat funny/interesting to see in the context of security.
I mean, there are a lot of recent efforts to put applications in containers, sandboxes, lots of talk about X11 being unsafe vs Wayland...
And then users just download and run arbitrary binary code from the internet 😅
Nothing against those that do this, it is just a bit funny to see from a security perspective.
@macberg yes as I see it incompetence can happen equally on both sides. stuff that leads to hacks by accident.
malice is harder to do when the code is open though.
also, proprietary + commercial vendors much more often have analytics and other network-related features vs open-source plugins, so I am then more skeptical of them in general. a plugin requiring libcurl is often a red flag for me.
@falktx Malice is harder, but very much not impossible. Look at the Deepin desktop for instance (I'm not saying they're malicious, but they very well could be, given how they've stubbornly kept introducing deliberate vulnerabilities, and no one seems to have noticed/cared except openSUSE).
Libcurl is a good thing to point out. I hadn't even thought about that one myself, but it's quite obvious now that you mention it.
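
The libcurl check mentioned in the thread can be automated by listing the shared libraries a plugin binary declares as dependencies. This is an added example, not part of the original posts; the watch list beyond libcurl, the function names and the sample `readelf -d` output are assumptions constructed for illustration.

```python
import glob
import os
import re
import subprocess
import sys

# Assumed watch list: the thread names only libcurl; the rest are other
# common network-client libraries added here for illustration.
NETWORK_LIBS = ("libcurl", "libssl", "libgnutls", "libsoup", "libnghttp2")

# Matches the DT_NEEDED rows printed by `readelf -d`.
NEEDED_RE = re.compile(r"\(NEEDED\)\s+Shared library:\s+\[([^\]]+)\]")

# Constructed sample of `readelf -d` output for a hypothetical plugin.
SAMPLE = """\
Dynamic section at offset 0x2d90 contains 30 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libcurl.so.4]
 0x0000000000000001 (NEEDED)             Shared library: [libstdc++.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [ExampleSynth.so]
"""

def needed_libs(readelf_output):
    """Return the DT_NEEDED sonames listed in `readelf -d` output."""
    return NEEDED_RE.findall(readelf_output)

def network_deps(readelf_output, watch=NETWORK_LIBS):
    """Return needed sonames that start with a watched library name."""
    return [lib for lib in needed_libs(readelf_output)
            if lib.startswith(tuple(watch))]

def audit_plugin(path):
    """Run readelf on one file; non-ELF files yield an empty list."""
    proc = subprocess.run(["readelf", "-d", "-W", path],
                          capture_output=True, text=True, check=False)
    return network_deps(proc.stdout) if proc.returncode == 0 else []

if __name__ == "__main__":
    # Usage: script.py <plugin directory> [...]; scans *.so recursively.
    # An empty result is not proof of no network use: a statically linked
    # or dlopen()ed library leaves no DT_NEEDED entry.
    for root in sys.argv[1:]:
        pattern = os.path.join(root, "**", "*.so")
        for so in glob.glob(pattern, recursive=True):
            hits = audit_plugin(so)
            if hits:
                print(f"{so}: {', '.join(hits)}")
```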