It is one thing to KNOW the author and his/her history, or the Company they work for, so trust could be built, but for the likes of unknowns - then you all deserve what you get if the worst happens and you are the ones that are proliferating the use of these unknown applications.
#crysx
We cannot expect a general understanding of online threats. Each individual is responsible for doing [or not] their own due diligence. Yet, I believe your advice should be taken very, very seriously.
Certainly not everyone working with open source has suspicious intentions. In fact, many are doing a lot of good when working with open code.
But surely there must be an educational front, where people can at least grasp some ideas of what harm could be hidden within a compiled release. Others more advanced can easily bypass any malware when running such files.
The safest way to proceed is probably to compile from source. And if that's not possible, then there should be some trust when it comes to shared releases.
BP
Apart from the obvious ...
Which is breaking the GNU Licensing of the OpenSource Code. Lack of Policing of OpenSource Licenses STILL does not mean you 'should' break the licensing rules.
Those who do should be taken as characters that have flaws in their legal and moral makeup, as they are the ones that commit the 'law breaking' by doing such things as taking OpenSource Code and making it Private. This should be a massive Red Flag to ANYONE that sees this happen as to the type of person redistributing the Binaries without SourceCode. The same type of people that have NO ISSUE ripping you off and hacking your system for their own benefit AND have no moral issue in doing so - sometimes sending you broke.
Things That STILL continue today. It's unbelievable that you all fall for these sorts of hacks that people do in their closed source forms, when the License PLAINLY states that it should be redistributed WITH the changes and Source Code when changes are made. If not, keep it private and do NOT distribute it.
SMH!
#crysx