I was just working through the issues to see if @jellybaby's point was noted - nice one. This is the "official" response:
Hello all - and thank you for your patience.

The app is still being actively developed in our private GitHub repos.
We're learning from all your comments, along with the security issues
raised through HackerOne.

At the moment, all of our effort is going into building, refining, and
testing the app. The development team is focused solely on that.

Preparing the app for an open source release takes time. We have to
make sure that all secrets and keys have been redacted, that all
developers' personal details have been removed, that the git history
doesn't contain anything untoward, that we haven't accidentally done
something to compromise security, that the licence files are correct
etc.

Additionally, it's difficult to code in the open on a high-profile
project like this. We want to give our developers the space to work
safely and effectively.

My job is to make sure that the source code gets released alongside
the public binary - and that it is released under a FOSS licence. I'm
working as hard as I can to achieve that goal.

Thank you all for holding us to account over this.
To be fair, that's how I work on GitHub. But mostly because I don't want people to see my shit code until I absolutely have to share it. And I'm not developing a pandemic track-and-trace app.
This popped up a while ago - that they were releasing versions that weren't the same as the one in Git - assume the fear was that the open sourcing of it was in name only.
https://github.com/nhsx/COVID-19-app-Android-BETA/issues/49
I didn't really follow it up - it looks like there have been pushes recently so maybe it's no longer a valid gripe. Personally I simply don't trust them to either produce something ethically, to not use the data improperly or (even if done properly) to act on it effectively and impartially.