I use vaultwarden because it's lightweight and runs well on my Raspberry Pi. I don't think the official Bitwarden server will run on a Pi. I have not used the official Bitwarden so can't really make a meaningful comparison. On the subject of whether it's OK to trust vaultwarden over Bitwarden, I've followed the discussions in this thread with interest and would just like to share my views.

Whatever trust we invest in open source software can certainly be exploited. In the same way a rogue developer could inject malicious code into a non-commercial project, a rogue employee could inject malicious code into a commercial project. Being linked to a company is no guarantee that the product can be trusted, open source or not. It isn't a matter of trusting any one developer or company, but trusting that all the cogs in the open source machinery are turning to make the open source model work. The real question is, how much do we trust that robust steps are being taken to mitigate the risk of such exploits?

With open source software, anyone can perform an audit to check that there is no malicious code. With smaller projects like vaultwarden, we know the code can be audited in full, we just don't know who has done it, when and how, if at all. In most small hobbyist projects, a systematic, independent code audit most certainly never happens, and we mostly just trust that if anything was amiss, somebody else would have spotted it. The problem is, we are all that somebody else. On the other hand, Bitwarden pays a third-party auditor for their code to be independently audited, and they publish their audit reports for the world to see. This is one step that Bitwarden has taken to earn our trust that most smaller projects like vaultwarden cannot afford.

This is not to say never trust small non-commercial projects. There are other ways smaller projects can earn our trust. I personally look for projects with multiple contributors who also contribute to other reputable projects, look at how the developers respond to issues in the issue tracker, the quality of their documentation, and even just the history of how the project came about. All these can give an indication of developer motivation and diligence in making sure that the code is clean.

Whilst companies need to earn our trust because they want us to use their software so they can make money, smaller non-commercial/hobbyist projects may not necessarily care whether we do or not. In such cases, the developers may well be trustworthy but may not be incentivised enough to demonstrate the same level of commitment to earning our trust. To be fair, the onus is not on them to convince us to use their software, but on us to decide how much we're willing to trust them for the convenience of using their software. It's worth remembering this when choosing where to place our trust. If you read my other replies you'll see why.