This is not my point. Trusting someone else's code audit is infinitely more valuable than trusting any "vibe check", since it touches the actual subject matter.
Anyway, since we're talking concrete software, could you point to such code reviews from vibe-independent auditors for continuous verifiable simplex builds targeting common communication platforms?
If not, your point is moot for the subject at hand. Decisions have to be made on the basis of reality, not cozy fantasies.
I am not sure I run a single piece of software where this is done. Sporadic audits tend to bring evidence of soundness and security, not continuous absence of malicious functionality.
> I am not sure I run a single piece of software where this is done.
And yet you run it. Have you vibe-checked every such software? Did that bring you enough information about individuals creating it? If not, if there are no readily available signs, have you vetted their own, private beliefs otherwise — in order to ensure they don't clash with your own?
What if Linus Torvalds turned out to be secretly a Nazi pedophile for the whole time? Would that make you stop using Linux?
You are moving the goalpost. There is no constructive discussion possible, if you can't concede weak arguments.
But yes, I vibe checked the software projects I use. They are mostly large enough, where single individual failings are of no consequence and unhinged people are usually removed from executive control through various means. But it's trust based on feelings and the information I got. Most people involved in these projects are mature and controlled enough to not mix politics with their work. It's not a good sign to not be in control of such impulses.
And I'd rather take a chance with the unknown bad than rationalize the known. Luckily most people with a collectivist FOSS mindset don't turn out to be monsters. Who could have predicted that?!
I was just asking to know your thought process, but this discussion probably won't lead to anything anyway — in my view a person's stance on vaccines, gay rights, what have you, doesn't make you any worse a developer. If the technology is sound — which I can vibe-check (by a glimpse at how the code is maintained, documented etc.) — I have no reason to peek into one's private views. Your opinion is different, I still don't fully understand it, but we'll just have to agree to disagree.
We are not talking private opinions, we're talking public ones. Lol.
If you fail to understand why human rights and state repression stances don't matter evaluating trust in secure and private communication means, we indeed don't need to discuss any further. It is a bit silly tho.
> could you point to such code reviews from vibe-independent auditors for continuous verifiable simplex builds targeting common communication platforms?
and sandblast has written a lot of words that indicate “no”, so they’ve been pretty consistently arguing not to use simplex.
This makes sense. Trusting a stranger’s code is bad but trusting a stranger’s opinions about code is good.
Unless you mean that only users personally capable of walking through the code line by line and their immediate friends and family should run code written by neo nazis