Even a technical lead of an instance may not have read every single line of code because codebases these days are pretty large. Typically you might look at the code you’re working on, but not necessarily the entire codebase.
Hopefully Lemmy doesn’t have anything malicious in it, but it’s possible to sneak malware into open source projects. This sort of thing happened to XZ Utils last year.
I’m not raising a conspiracy theory point, I’m raising what is surely a valid point: everybody assumes that someone else will read all of the source code and understand it all.
Codebases are large, and malicious code can be obfuscated. Hopefully Lemmy’s code is fine, but I definitely don’t know for certain that it’s completely clean. I just hope that it is.
Have you read all the code though? Everyone assumes that somebody else will read every single file of the source code, and understand it all. Malicious code can be obfuscated.
Maybe there’s something in the codebase that sends all our data to North Korea… who knows.
Can’t I get a return trip? It’s going to be annoying to get a train or plane to take me home.
Yeah I’ve heard of that, maybe I should look at it more. Hopefully the Lemmy codebase is fine though. I’m just saying it’s possible, even if perhaps unlikely, that something could be lurking in the code which nobody has discovered yet. The XZ Utils backdoor was well-hidden and happened to be discovered, but maybe malicious code isn’t always discovered.