alt Hacker NewsAs articulated in the author's own blog post:
https://obdev.at/blog/little-snitch-for-linux/
The core issue is simple and uncomfortable: through automatic updates, a vendor can run any code, with any privileges, on your machine, at any time.
-----
If the author is serious about this, then they should make their own program completely open source, and make builds bit-for-bit reproducible.
For all I know, the proprietary Little Snitch daemon, or even the binaries they're distributing for the open source components, contain backdoors that can be remotely activated to run any code, with any privileges, on your machine, at any time.
This is correct, of course. But I currently can't make the entire project Open Source. My other option would be to keep it completely private (wrote it mostly for myself in the first place).
I think it's still better to make it public and only partially Open Source so that some people can benefit from it. If you don't trust us, that's completely reasonable, just don't install it.