Sponsoring Code Audit?

Like many here, I am quite fond of rclone and it has become an important tool for my everyday work as a sysadmin. When using tools like rclone that manage a lot of important data, some organizations/customers do ask questions about the reliability of such tools, especially when they are not well known (read: Gartner writes about them) and when they aren't run by some big company names (because we all know Microsoft would never sell unreliable software...)

Anyway, this had me thinking about sponsoring a code audit for rclone, similar to what TrueCrypt went through a few years ago. This would certainly benefit the project by finding potential issues and it would also provide something for the sysadmins among rclone users that we can point at when someone asks questions.

I'm curious as to what the thoughts on this are and how many would consider donating for a professional code audit of rclone.

I firmly believe any code audit would need to be sponsored by some corporate customer of rclone and not individual members of the community.

While I understand the need to audit a tool like TrueCrypt, the use of rclone is significantly different, as its core functionality is not to secure the files but to transfer them. And an audit would really be quite difficult and version-tied, as it would need to certify each and every remote independently to confirm that the implementation of all APIs for that remote is correct. And it would only certify a release, which could very well break due to a simple API update.

My understanding is that the TrueCrypt audit is centered on the encryption modules, which are rarely modified once completed.

For the few cases I have encountered where customers requested "reassurance" about tools, any form of audit would have been plenty to put their minds at ease.
While audits for compliance purposes may be more beneficial to companies and tied to specific versions, a general code audit that targets code quality may very well be a significant benefit to the project and all of its users, which is why I believe the community may be interested in this.

Of course, this would also be something that Nick wants to support, and he would also need to be the one to set up crowdfunding for this endeavor.
