> That may not happen immediately on release because the fabulous NHSX development team are all working hard on getting the product ready. But it will happen.
That's just annoying nonsense though isn't it?
There are reasonable (well 'ok they happen, whatever') causes for delay in open-sourcing something that didn't start out that way, but... Do any of them take more than seconds of developer time? They mean it 'may not happen immediately, because it's stuck in legal', surely?
Sounds like there is no intention to deliver the source on release, and once the release has been out for a couple of weeks, the benefit of public review of the source code drastically diminishes.
The source code should be released before the public release of the binaries, not after, and not doing so means they're trying to hide what the app does from timely public discourse.
Releasing a tarball (even if it lacks the tools to build it) isn't that hard, is it?
"We intend to open source our codebase once the first release is finalised. The documentation accompanying that release will supersede this paper."
and from https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contac...,
"The Secretary of State has also committed to making the source code open source. That may not happen immediately on release because the fabulous NHSX development team are all working hard on getting the product ready. But it will happen."
Sounds like there is an intention to deliver on the source. Bigger question is whether the server side is open sourced (as clearly that has limited value for verifying what is happening remotely).