• Socsa@sh.itjust.works
    link
    fedilink
    arrow-up
    2
    ·
    7 months ago

    This has always been the case. Maybe I work in a unique field but we spend a lot of time duplicating functionality from open source and not linking to it directly for specifically this reason, at least in some cases. It’s a good compromise between rolling your own software and doing a formal security audit. Plus you develop institutional knowledge for that area.

    And yes, we always contribute code back where we can.

    • datelmd5sum@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      7 months ago

      We run our forks not because of security, but because pretty much nothing seems to work for production use without some source code level mods.