• Scoopta@programming.dev
    5 days ago

    XZ was also open source…albeit with fewer eyes on it, probably. Point is we take “open source” for granted and assume it means “secure” but the person running a project, even an open source one, can do real damage.

    • Zaptosis@monero.town
      5 days ago

      I agree with that sentiment fully; just because something is open source doesn’t mean it’s automatically secure. Though when an extremely popular project’s entire focus is high security & the specific eyes on the project are the exact people who are professionals in security, I’m more inclined to trust that it would be pretty hard for Daniel to slip a critical flaw into the code.

      It’s just that, to me, the whole idea that one man can sabotage a project of this scale seems pretty overboard. GrapheneOS is a great tool. A lot of people hated Edison, he was a huge ass with an even larger ego, but it doesn’t mean we shouldn’t use DC electricity. I would argue that if you dislike Daniel Micay, that same thought process should still apply. You may not think he’s the greatest guy; personally, I don’t have any strong opinions on him. But what he’s done is undoubtedly extremely helpful to anyone concerned with both privacy & security.