Philip Whitehouse <[email protected]> writes: >> 3. "K-9 is a community developed project." Is there possibility that some >> rogue developer join the project and put some malicious code into it ? >> > > In theory, but not in practice. > > Every pull request is reviewed and merged by an approved developer and > developers are only approved after several merged PRs. There's also plenty > of self-review of commits made. I generally look over every commit I pull > before I merge it in to my local dev branch. I've not read all the > historical code (but I'm gradually doing it...) > > Not all approved developers can push updates for K-9 to the play stores. In > theory if cketti went rogue he could push rogue code. But then he's the > benevolent project lead - there's always someone in that position > invariably for any app.
A fair answer, really. To respond to the OP, a question "Is there any possibility" is almost always properly answered yes, but that's the wrong question for several reasons: It's about "what are the chances", not "could it be". You're asking about K-9, but what about the Android ROM on your phone. Could a rogue developer get a job at Google and slip in a backdoor that's too subtle to spot? What about the chips in your phone? What about the firmware for the cell modem? I think it's fun to be paranoid, but make sure you're balanced! -- -- You received this message because you are subscribed to the K-9 Mail Users List. To post to this group, send email to [email protected] To unsubscribe, email [email protected] To report an issue with K-9 Mail, visit http://code.google.com/p/k9mail/issues/list For more options, visit this group at http://groups.google.com/group/k-9-mail --- You received this message because you are subscribed to the Google Groups "K-9 Mail" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: PGP signature
