Are open source projects ever vandalised?

August 9th, 2008, 01:30 PM
Quite some time ago, we had to give a surprise speech to our class, about something we felt strongly about. I (in the heat of the moment, and with nothing else jumping into my mind) chose to explain a few of the key benefits of open source, which I eventually likened to Wikipedia, and the way that more hands make work lighter.
Someone pointed out that there are quite a few vandals on Wikipedia, and asked if there were vandals with open source software. I didn't know.
The fact is, there will always be ****heads in the world, so:
Are open source projects ever vandalised?
If not, why not?
If so, why doesn't the end user find out about it?

August 9th, 2008, 01:36 PM
The way I understand it, is that they generally can't be vandalised. Normally there would be a project leader or a "core team" that works on a project (or at least some sort of organisation). They would normally check to see if user contributions are actually legit contributions or just vandalism. I don't really know this for sure though, this is just what I think may be the case.

August 9th, 2008, 02:28 PM
For the same reason that vandalism doesn't stay on Wikipedia, OSS projects aren't vandalized.

August 9th, 2008, 02:44 PM
Wikipedia accepts edits from literally anyone who is not on their "banned IPs" list. Most, if not all, important open-source projects don't allow anonymous writing to their versioning system, so anyone would need to submit small legitimate patches straight to developers before being given the keys to the Kingswood :-)

That, understandably, stops most vandals in their tracks. I believe it has happened before though. And notice that open-source projects use versioning systems - they can roll back any undesirable changes made, to any earlier state.

August 9th, 2008, 06:01 PM
Just because it's open source doesn't mean that the development is freely editable. You can edit whatever you download, but the project maintainer might (and probably should) keep close attention to who is able to write, and when/where they do the writing.

The Open source part more comes in after you download it and have a copy on your own machine, you even have the power to make a new fork. If you send bug reports and patches, the project maintainer(s) may choose to listen to them or ignore them. Although, it's generally a good idea to listen.

August 9th, 2008, 07:31 PM
No, not really. Especially in the larger projects (the Linux kernel), code changes are reviewed. Wikipedia gets vandalized a lot because literally anyone can edit it without any prior review or editing of the changes. But even so, the number of legit edits to Wikipedia far outnumbers the amount of vandalism.

August 9th, 2008, 08:56 PM
The GPL allows people to fork off and vandalize a project, as long as they contribute back code!

Someone could easily take, say, GnomeSword, and make it for Satanism! Is that vandalism? Some people might think so. But, the fact remains that it's simply forking, and is also a display of free speech and free software, two things I truly value.

So, it's kind of subjective.

August 9th, 2008, 11:13 PM
On a similar note, my Dad and I were talking about whether or not there are open-source projects that were created (or modified) with malicious intent (for example, identity theft or key-logging). When he asked me about identity theft and/or keylogging, I really didn't know what to say to him. The only thing I could really say was devs that contributed to projects would look at code and see something fishy about it and make a note about it. I guess he has difficulty wrapping his head around the philosophy and doesn't understand why people would invest time and effort into something that doesn't return anything.

What do you guys think? Has anyone really devised a project with ill intentions?

(Sorry if I strayed off topic)