Depends on the package, if it's a compiler or a big subsystem, not likely. If it is something that I plan on integrating then there is a much bigger chance.
I always wonder how easy it would be for someone to slip a security hole in to one of those packages that I 'make install' blindly, one day I'll be bitten, that's for sure.
But you can't really audit each and every piece of software that you install and a well hidden exploit would only have to be a few lines long, or in the case of an intentional overflow bug somewhere, it could be '0' lines.
Packages: apache, have looked at the source extensively long ago, not since 2.x, varnish, looked at it recently in some depth, heavy user of php, mysql, never looked at the source of either, newbie user of python/django, looked at django but not at python.
Usually my digging in to something is triggered by a bug, I usually will submit a detailed bug report in that case but not send in a patch unless it is well within my expertise. Submitted some for drupal modules.
Wished I had more time to spend on the 'curious' department.
I always wonder how easy it would be for someone to slip a security hole in to one of those packages that I 'make install' blindly, one day I'll be bitten, that's for sure.
But you can't really audit each and every piece of software that you install and a well hidden exploit would only have to be a few lines long, or in the case of an intentional overflow bug somewhere, it could be '0' lines.
Packages: apache, have looked at the source extensively long ago, not since 2.x, varnish, looked at it recently in some depth, heavy user of php, mysql, never looked at the source of either, newbie user of python/django, looked at django but not at python.
Usually my digging in to something is triggered by a bug, I usually will submit a detailed bug report in that case but not send in a patch unless it is well within my expertise. Submitted some for drupal modules.
Wished I had more time to spend on the 'curious' department.