Originally Posted by YaDr
Anybody can check sources, but who will?..
And can you trust their results?..
FOSS can be riddled with exploits like Heartbleed for years, and no one will notice anything. There are even competitions on hiding malicious code inside innocent code...
Only a small number of experienced and skilled developers will be able to find such malware, and believe me - 99% of them don't waste their time on reading, understanding and checking the sources of all the software they use for exploits...
Hello there, my Russian friend. I will respectfully disagree with you on this point and I will explain why. Right here on XDA, we have many highly-skilled developers who are the authors of countless lines of code translating into ROMs, modules, enhancements, etc. Many (if not all) of these projects are free to distribute and created as a contribution to the community. In other words, to ask "who will check sources" is the same thing as asking "who will create custom ROMs for people?" or "who will create invaluable/indispensable modules such as XPosed?" or even the general question of "why would someone do this for free?".
It is evident that all of these exist already and that people do indeed contribute, so coupled with the fact that the XDA community is over 5 million members in size, I think there will be developers who may be interested.
The only reason I can see someone not supporting this is if they have an interest not to do so, such as being the author of a closed-source (or open-source) malicious module.