• I might be missing something but there don't seem to be any actual changes to the code in the Android version for more than a month and yet the Android app in the Play Store was updated yesterday.

  • This popped up a while ago - that they were releasing versions that weren't the same as the one in Git - assume the fear was that the open sourcing of it was in name only.

    https://github.com/nhsx/COVID-19-app-Android-BETA/issues/49

    I didn't really follow it up - it looks like there have been pushes recently so maybe it's no longer a valid gripe. Personally I simply don't trust them to either produce something ethically, to not use the data improperly or (even if done properly) to act on it effectively and impartially.

  • I was just working through the issues to see if @jellybaby's point was noted - nice one. This is the "official" response:

    Hello all - and thank you for your patience.

    The app is still being actively developed in our private GitHub repos.
    We're learning from all your comments, along with the security issues
    raised through HackerOne.

    At the moment, all of our effort is going into building, refining, and
    testing the app. The development team is focused solely on that.

    Preparing the app for an open source release takes time. We have to
    make sure that all secrets and keys have been redacted, that all
    developers' personal details have been removed, that the git history
    doesn't contain anything untoward, that we haven't accidentally done
    something to compromise security, that the licence files are correct
    etc.

    Additionally, it's difficult to code in the open on a high-profile
    project like this. We want to give our developers the space to work
    safely and effectively.

    My job is to make sure that the source code gets released alongside
    the public binary - and that it is released under a FOSS licence. I'm
    working as hard as I can to achieve that goal.

    Thank you all for holding us to account over this.

    To be fair, that's how I work on GitHub. But mostly because I don't want people to see my shit code until I absolutely have to share it. And I'm not developing a pandemic track-and-trace app.

  • Aha, further down in that issue:

    Hello all - and thank you for your patience.

    The app is still being actively developed in our private GitHub repos.
    We're learning from all your comments, along with the security issues
    raised through HackerOne.

    At the moment, all of our effort is going into building, refining, and
    testing the app. The development team is focused solely on that.

    Preparing the app for an open source release takes time. We have to
    make sure that all secrets and keys have been redacted, that all
    developers' personal details have been removed, that the git history
    doesn't contain anything untoward, that we haven't accidentally done
    something to compromise security, that the licence files are correct
    etc.

    Additionally, it's difficult to code in the open on a high-profile
    project like this. We want to give our developers the space to work
    safely and effectively.

    My job is to make sure that the source code gets released alongside
    the public binary - and that it is released under a FOSS licence. I'm
    working as hard as I can to achieve that goal.

    Thank you all for holding us to account over this.

    That's not what I'd call Open Source, and it means that if having the code in the open is a factor in whether you would install the app or not, I think you should treat it as closed source. But I'm perhaps just a paranoid nutter on the Internet.
