
Trust issues !!!

Open · summa-code opened this issue 10 months ago · 1 comment

With the recent incident with XZ Utils in Linux, how do we trust the contributing authors? Not questioning the authenticity of the original author. But not sure about the other contributors.

summa-code · Apr 12 '24 22:04

Thanks for your confidence, but you should not trust me either :smile:

My GitHub account could be hijacked, etc...

A few relatively good news with TA-Lib:

  • 100% open-source and can independently be audited.
  • Can be verified to NEVER do any network access.
  • Generated code (and test) to mitigate human error (with array/buffer overflow).
  • Development is moving at turtle speed (if at all), so changes are easy to track.

Opinion

I think the bigger problem is NOT with open-source projects.

Guaranteeing a complete secure developer setup is hard. Example:

VSCode add-ins are blindly giving 100% access to the host... and many of these add-ins are closed source.

mario4tier · Jul 15 '24 16:07
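One way to check the "never does any network access" property stated above is to list the undefined (imported) symbols of the built shared library and look for network-capable libc/socket calls. This is an added example, not code from the TA-Lib project; the library path, the symbol list and the use of GNU binutils `nm` are assumptions.

```shell
#!/bin/sh
# Added example (not from the TA-Lib project): audit a built shared library's
# imported symbols for network-related calls. Assumes GNU binutils `nm`.
# Usage: audit_network_imports /path/to/libta_lib.so   (path is an assumption)

# Symbol names that imply network I/O (constructed list; extend as needed).
NET_SYMBOLS='socket|connect|bind|listen|accept|accept4|send|sendto|sendmsg|recv|recvfrom|recvmsg|getaddrinfo|gethostbyname|gethostbyname2|getnameinfo|res_query|curl_easy_init|SSL_connect'

# Reduce an `nm -D -u` listing (optional leading spaces, a one-letter type
# column such as "U" or "w", then the name with an optional @VERSION suffix)
# to the bare names that match the network list. Always exits 0 so an
# empty result is not treated as a failure under `set -e`.
filter_network_symbols() {
    sed -e 's/^[[:space:]]*[A-Za-z][[:space:]]\{1,\}//' -e 's/@.*$//' \
      | grep -E "^(${NET_SYMBOLS})\$" || true
}

# Return 0 when the library imports no network symbols, 1 when it does,
# 2 when the file cannot be read.
audit_network_imports() {
    lib="$1"
    [ -r "$lib" ] || { echo "cannot read $lib" >&2; return 2; }
    hits=$(nm -D -u "$lib" 2>/dev/null | filter_network_symbols)
    if [ -n "$hits" ]; then
        echo "network-capable imports found in $lib:" >&2
        echo "$hits" >&2
        return 1
    fi
    echo "no network-related imports in $lib"
    return 0
}
```

A clean result shows the library does not link to the usual network entry points; it is not proof, since code could still issue raw syscalls or load a helper at runtime, so pair this with the source audit and the build reproducibility checks mentioned in the thread.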

I hear you. Thanks for the update.

summa-code · Oct 17 '24 01:10