• erAck@discuss.tchncs.de (upvotes: 0, 6 months ago)

    Malicious account holders with a long-term goal need to build reputation. It doesn’t matter much that such an app isn’t a dependency of other software.

    • steeznson@lemmy.world (upvotes: 1, 6 months ago)

      Practically every FOSS project is actively looking for volunteers/maintainers all of the time. More contributors are not problematic.

      The xz problem was that they socially engineered the main dev into giving them the keys to the kingdom.

      • erAck@discuss.tchncs.de (upvotes: 1, 6 months ago)

        Making one a maintainer (with merge and possibly even direct commit/push permissions) is handing them a key to the kingdom. Recruiting a maintainer out of the blue without them already being a contributor and long-term participant in the project is questionable.