Something I’ve wondered. One of those “too good to be true, it probably is” type things. With all the FOSS especially for linux, installing package after package because a web search said it would fix your problem, how is it Linux isn’t full of malware and such?
Id like to understand better so I can explain to others who are afraid of FOSS for those reasons. My best response is that since it’s open source, people can see what it’s doing and would right away notice something malicious. I wouldn’t, since I’m not that into code, but others would.
I believe that as a FOSS developer, in order for your code to be implemented and widely adopted, you’ll have first reached a certain level of trust in the community. That, and yes your open source code can be picked through. Malicious code isn’t always immediately found, but it does ruin the hard earned reputation of the developer.
Source: just speculation from being a FOSS fan for many years