jointhefediverse.net seems to be a commonly linked resource for directing people to join the Fediverse.
Curiously, it does not list Lemmy under the list of Reddit alternatives. Their GitHub README explains why.
Previous relevant discussion: https://lemmy.ml/post/78808
Have you read all the code though? Everyone assumes that somebody else will read every single file of the source code, and understand it all. Malicious code can be obfuscated.
Personally, no. However the technical lead of our instance has, and in fact wrote and debugged some of it.
Even a technical lead of an instance may not have read every single line of code because codebases these days are pretty large. Typically you might look at the code you’re working on, but not necessarily the entire codebase.
Hopefully Lemmy doesn’t have anything malicious in it, but it’s possible to sneak malware into open source projects. This sort of thing happened to XZ Utils last year.
If you are worried about the Lemmy codebase, there is https://piefed.social/
It’s still another codebase you need to trust, but in this case the devs don’t have specific political views
Yeah I’ve heard of that, maybe I should look at it more. Hopefully the Lemmy codebase is fine though. I’m just saying it’s possible, even if perhaps unlikely, that something could be lurking in the code which nobody has discovered yet. The XZ Utils backdoor was well-hidden and happened to be discovered, but maybe malicious code isn’t always discovered.