I don’t need to go through all the source code myself. The fact that Apple itself, for example, relies on Linux for most of its servers and has not raised any alarms about bits of Linux phoning home is a pretty powerful heuristic that it’s relatively safe.
Multiply that by all the other multibillion-dollar companies, the tens of thousands of open-source-focused smaller and large companies, the hobbyists, the enthusiasts, the CS professors, the CS undergrad and grad students, the PhD candidates who would be thrilled to discover a flaw on the basis of which they could write their thesis, etc. and I think one can have a fair degree of confidence.
There’s still a decent chance something would be missed. But it’s much smaller than the chance that the proprietary OS owners, whom we know for a fact phone home and have been trying to collect increasing amounts of data, are sending stuff we may not know about.
> The fact that Apple itself relies on Linux for most of its servers is a pretty powerful heuristic that Linux is relatively safe [paraphrased by me]
Many world-class companies depend on Windows, so does that mean you think Windows is safe?
An individual does not have the same access to custom tools, and teams of competent people, that ensure their usage of the Linux ecology is secure.
A recent example: I was investigating using Cloudflare Functions, because I think Cloudflare has world-class security and that “serverless” product avoids many security issues I might have with other solutions. Yet one setup step suggested piping in a script from curl to shell (commonly suggested for install steps!). Even worse, https://github.com/cloudflare/wrangler2 is their CLI tool to help development, and Wrangler is based on the node ecology, which is completely insecurable as an individual developer IMHO (trillion dollar companies can probably secure the dev environment). I use a VM to provide some sandboxing, but it still leaves me feeling icky.