I ran mine like this for years. Then a few weeks ago I installed Immich so we can browse photos directly from the NAS on our phone. That’s how it will stay. I don’t want it to turn into an application server.

For personal use? I never do anything that would qualify as “auditing” the code. I might glance at it, but mostly out of curiosity. If I’m contributing then I’ll get to know the code as much as is needed for the thing I’m contributing, but still far from a proper audit. I think the idea that the open-source community is keeping a close eye on each other’s code is a bit of a myth. No one has the time, unless someone has the money to pay for an audit.

I don’t know whether corporations audit the open-source code they use, but in my experience it would be pretty hard to convince the typical executive that this is something worth investing in, like cybersecurity in general. They’d rather wait until disaster strikes then pay more.

Obsidian’s only downside is that it’s closed source, but this is a big downside for some people.

Yes, Joplin achieves everything this proposal does and more.

I think you accidentally dropped your mic.