this post was submitted on 13 Oct 2024
39 points (89.8% liked)

Opensource


It is a concern to me because there is no plan to do a security audit despite people having asked about it in the past.

https://github.com/rustdesk/rustdesk/discussions/8392

https://github.com/rustdesk/rustdesk/discussions/4968

Not in their roadmap

https://github.com/rustdesk/rustdesk/discussions/918

People had concerns about the company:

https://www.reddit.com/r/rustdesk/comments/11nu94y/is_rustdesk_a_scam/

As HN: RustDesk Installs Chinese Root Certificates

https://news.ycombinator.com/item?id=39256493

[–] [email protected] 0 points 1 month ago* (last edited 1 month ago) (1 children)

We appreciate your concern about the security of our software, but we don't have plans for a security audit at this time. Our open-source approach and commitment to secure coding practices are sufficient to ensure the security of our software.

As an open-source project, our code is available for anyone to review and audit. If you're tech-savvy and concerned about security, you're welcome to dive into the code and verify our claims for yourself.

We're a team of experienced developers who are passionate about creating secure and reliable software. We're asking that you trust us to do the right thing. We've earned that trust through our hard work and dedication to our craft. We're not perfect, but we're always striving to improve.

We believe that our approach is effective, and we're not going to divert resources to a security audit that we don't think is necessary. We hope you can understand and respect our decision.


Please explain and answer the concerns as voiced by the community.

Simply pointing to your license as your answer and passing the burden of proof onto others only validates and doubles the community's concerns.

This is quite unprofessional coming from someone who we're supposed to assume is either the leader of the project or a representative/spokesperson.

[–] [email protected] 11 points 1 month ago (1 children)

You're probably talking to a troll trying to get people riled up, FYI. The likelihood this commenter actually has anything to do with Rustdesk is almost 0. Brand-new account, and I don't think their username even lines up with any Rustdesk dev's.

[–] [email protected] 0 points 1 month ago (1 children)

Could be, it depends on their response

In addition this could be used to verify by talking with the devs on the project repo.

Based on their username I wouldn't be surprised if this was a troll. On the slight chance that they were indeed related to the project I made a reply as professionally as I could in the little time I have atm👍

[–] [email protected] 2 points 1 month ago