hmm not sure yet on the open source thing, but how do people normally verify downloadable software has no malware? I guess we could try to distribute it on like reputable distribution channels like the app store
Personally I do take at least a quick look over sources before deciding to trust any new app. I simply won't install apps that don't provide the option.
This used to be an ideological stance but increasingly recently it's the only pragmatic thing to do from a stance of security and safety. The playing field is increasingly hostile and if someone asks you to install their software on your machine and let it record your face and voice but refuses to show what it actually does, that is a red flag. Reasonable exceptions could include video games (which run on dedicated untrusted devices and IMO the IP aspect makes the closed-source stance more understandable there). On the other hand, this app is inherently sensitive and trusted because of its function. I don't see the reason why it needs to be closed-source.
Malware is commonly distributed in all app stores. I reported some obviously pretty bad stuff that is still up a year later on Play Store, for example. Google simply doesn't bother if the case is too messy.
> hmm not sure yet on the open source thing
You could start by just going source-available, sharing the source with your users without going full Open Source, if you want to take the time and think about what license to use.
Another thing to add: this is Linux-only and a large amount of Linux users will care about your product being free software or under an open source license for ethical reasons. Source available doesn't mean open source, and open source means your product's license protects distribution and modifications of the code to some extent. This extent is quite debated, but you should certainly read up on this and have a strong defence for why your product isn't open source either way. I can certainly see why you wouldn't want to, but make sure to think about it especially for Linux-only. Windows and Mac users are probably more amenable to proprietary software.
Meticulously with Ghidra I suppose. This trend of saying it’s to protect us is getting old. The only way to prevent malware is by making the source available for us to see for ourselves.
If this isn't monetized, is there any reason against opening its source? I personally would like to be able to disable the usage analytics and crash reports.
> If this isn't monetized, is there any reason against opening its source? I personally would like to be able to disable the usage analytics and crash reports.
Although I personally deplore it and try to stay away from software that requires it, or even opts me in, I nonetheless think that it's reasonable for a developer to impose telemetry as a requirement for people to make use of their freely available software.
The first thing I'd do if it were open source is spin up a PR to allow the telemetry to be opt-in. After two decades of being the product, it's hard to trust any data collection done by companies outside the EU.
GDPR is very clear about how you are not allowed to make data collection a requirement for use.
It is a straightforward set of rules written in simple language and it’s not very long either. It’s not necessary to rely on third party readings or interpretations of it. Just go ahead and read it yourself and you will be well equipped to apply and argue about it.