I’m a fan of FOSS and reasonable privacy with data. I also often look for and install software on my computers for random tasks as they come up. Today, when I was looking to install an extension to Firefox called Wikipedia-EN that helps me search Wikipedia by highlighting a word, the Mozilla page for the extension states:
This add-on is not actively monitored for security by Mozilla. Make sure you trust it before installing.
As someone that is not educated in programming or perpetually current on tech news, what can I do to assess the safety of this and other software? Is there a site that transparently evaluates software and publishes its findings?
Mostly if you find an attached GitHub repository to the software, you can have a bit more trust in it than otherwise, it means that the developer is putting their cards on the table and not trying to hide something nefarious. Of course there are caveats to this but it’s a good start.
Also, check the number of contributors to a project. All of those people do (probably) trust the project and have also (probably) read at least parts of the source code for it