But how well do they verify each other's contributions within the Qubes team? It sounds like they do it very well against contributions from outside the Qubes team, but what about inside? The reason I have doubts is because I've seen a few posts that raise doubts, and because I have learned my lesson I will quote a couple here.
PR’s anonymous it requires more careful review
That implies a double standard in code review.
Therefore, trust is still important even in an open source project. But there are two different types of trust. First is the trust the end users have in the devs; this should be as high trust as possible. The second type of trust is how much the devs trust each other. I think it is probably good if the devs don't trust each other because that motivates them to more seriously verify each other's code. And as explained in this topic, it's not only about code but also about the direction of the project, what the priorities are and what the priorities aren't. That is one of the biggest points of this topic from the beginning, that the community doesn't find it clear if Qubes OS is security or security and privacy.
Thanks to this topic it seems like we have finally agreed that it's security and privacy. This is important and I hope everyone can see how successful and valuable this topic has been.