Open source software is considered by many to be the untainted version of freeware available on the web. Far too often, “freeware” bundles in other, smaller programs, from announced installs like Google or Yahoo toolbars to unannounced installs like spyware and adware. Open source is a much, much more trusted “standard” for web surfers to download and install programs while sleeping easier at night.
But I wonder how long such trust will last. I download and install open source apps regularly, and in fact, unless I know the application well, I don’t install a closed source app when open source has alternatives. But do I look at the source code to check and make sure some spyware app isn’t packaged inside it? How many other people compile the source themselves, let alone truly understand the code enough to feel safe? And if someone with programming knowledge does this, will he be able to let the rest of us know and “out” the application?
Right now we (I) have blind trust in something deemed open source, and maybe a little more trust in something open source available on SourceForge or through a package manager, but there will someday come a time when even open source is not safe from the little things installed by determined marketers. What if an application is only really “safe” if manually compiled from source, but the compiled binary version has small print in the EULA hinting at additional software…?