[Freeswitch-users] The public perception of open-source software

[Brian May]

Ken Rice <krice at freeswitch.org> writes:

> These days “free” software seems to be a scary prospect to the general
> public. The association between open-source software and malicious
> “click here for free stuff” ads is strong and the fear of unknown
> “hackers” runs rampant. The old adage that “nothing good in life comes
> for free” has ingrained the idea that free is synonymous with
> scams.

Open source works best when you have multiple contributors. Linux is a
really good example, you have multiple companies paying developers to
contribute to it. I suspect Freeswitch might be another good example.

Sometimes however you end up with a very important project, with perhaps
as little as only one overwhelmed developer. Everyone uses the project,
everyone assumes it works, nobody actually audits the code or reviews
the changes made to ensure that they are sane. The developer is rushed
and doesn't have time to check his changes properly because he isn't
getting any outside help. Or makes what looks like an innocent change
only years later is found to be a massive security hole. A classic
example of this was openssl, before a number of high profile security
issues were found. The situation is much better now for openssl and
forks, however I know there are important packages still in a similar
situation.

Sometimes these projects suddenly turn into orphaned or unmaintained
projects because the developer left his company he was working at and is
no longer interested in the project.

So open source is good, anybody can contribute to the development;
however there are certain risks that also need to be managed
properly. Even more so if you are not actively involved in the community
and have no idea who is developing the software you are using.
-- 
Brian May <brian at linuxpenguins.xyz>
https://linuxpenguins.xyz/brian/