• prenatal_confusion@feddit.org
      59 minutes ago

      I absolutely could. That doesn’t change my stance on this software.

      The code hidden in xz was also publicly available and didn’t get caught. So much for open source making all things safe just by being open source. And that was a high value target. Imagine what happens (or could) on a smaller scale.

      Honestly now, are you reading code of a nice project you want to spin up in a docker to try out? I don’t. I check the project and the stars/engagement. If it goes any further I check who is involved in it and that’s about it.