3np 4 days ago

Personally I do take at least a quick look over sources before deciding to trust any new app. I simply won't install apps that don't provide the option.

This used to be an ideological stance but increasingly recently it's the only pragmatic thing to do from a stance of security and safety. The playing field is increasingly hostile and if someone asks you to install their software on your machine and let it record your face and voice but refuses to show what it actually does, that is a red flag. Reasonable exceptions could include video games (which run on dedicated untrusted devices and IMO the IP aspect makes the closed-source stance more understandable there). On the other hand, this app is inherently sensitive and trusted because of its function. I don't see the reason why it needs to be closed-source.

Malware is commonly distributed in all app stores. I reported some obviously pretty bad stuff that is still up a year later on Play Store, for example. Google simply doesn't bother if the case is too messy.

> hmm not sure yet on the open source thing

You could start by just going source-available, sharing the source with your users without going full Open Source, if you want to take the time and think about what license to use.

michaelphi 4 days ago

thanks for the write up! it's an electron app so i think you can also view the source code easily that way tbh

kaladin-jasnah 4 days ago

Another thing to add: this is Linux-only and a large number of Linux users will care about your product being free software or under an open source license for ethical reasons. Source available doesn't mean open source, and open source means your product's license protects distribution and modifications of the code to some extent. This extent is quite debated, but you should certainly read up on this and have a strong defence for why your product isn't open source either way. I can certainly see why you wouldn't want to, but make sure to think about it especially for Linux-only. Windows and Mac users are probably more amenable to proprietary software.

wutwutwat 4 days ago

> you can also view the source code easily that way tbh

sure thing, just gotta download and execute it.... WAIT A MINUTE. YOU ALMOST GOT ME! YOU SOB

> you can also view the source code easily

can just as easily throw it on github, if your intentions were legit

econ 4 days ago

Some day we should have everything sandboxed on the hw level. Like computers in 1980