The problem is that quite often everything rests on that belief in someone else being there to check. Most of the time, even if some of the users are qualified to do it, they don’t have the time to go through all of the code and then be on it through each update.
Good point and worth considering. For the more popular stuff, though, it’s likely someone somewhere is looking at it, and even the threat of discovery is enough to discourage malfeasance. And in either case, it’s better to have the observability rather than a black box system with no possibility to check it.
The problem is that quite often everything rests on that belief in someone else being there to check. Most of the time, even if some of the users are qualified to do it, they don’t have the time to go through all of the code and then be on it through each update.
Good point and worth considering. For the more popular stuff, though, it’s likely someone somewhere is looking at it, and even the threat of discovery is enough to discourage malfeasance. And in either case, it’s better to have the observability rather than a black box system with no possibility to check it.