What is the risk in an open source project like LibreOffice of a malicious developer adding code that could, say, silently steal data contained in docs/spreadsheets?
The main thing is that any line of code used to build the product is public and finds its way into the source code repository in a publicly visible way…
Random developers can propose code for inclusion via our gerrit code review system, but by definition such a system requires review by an established committer. Adding the kind of code mentioned in the question is likely to raise some eyebrows.
An alternative is for that person to invest the time to become such a committer, by doing good, useful work for some time… and then to try to sneak in such code by using the ability to push to ‘master’.
This is also unlikely to go unnoticed, as even these commits get some form of post-commit review (by contrast with gerrit, where the review is a priori).
Then of course that malicious patch would have to stay in there for a while, until we branch a new release, then resist the scrutiny of the release-branch stabilization, the marketing effort to review patches to generate the ‘new feature’ list, etc. etc.
Developers are also usually more security-sensitive than others, so such code is likely to trigger some alarm on their boxes (by attempting to do things that are verboten)…
So, there is always a risk, but that approach is very very unlikely to succeed.
Much more sensitive is the security of the binary delivery chain of custody.
Most of our users consume binaries. The real danger is if a malicious actor were able to present a tampered binary image as if it were a legitimate one.
There are signatures at multiple levels to mitigate that, but practically that is a much more likely vector of attack than trying to inject source code.
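The “signatures at multiple levels” the answer above mentions, as an added example (not LibreOffice’s own release tooling, and not code from the answer’s author): the publisher hashes the artifact, writes a sha256sum-style manifest, and signs the manifest; the downloader verifies the manifest signature first and only then trusts the digest in it. Ed25519 stands in for the PGP signature a real project would publish, and the `Release` type, `Publish`/`Verify` functions and the file name `release.tar.xz` are assumptions made here for illustration. The artifact bytes are constructed, not a real download.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Release is what a mirror hands to a downloader: the artifact, a
// sha256sum-style manifest listing its digest, and the publisher's
// signature over the manifest bytes. (Hypothetical shape for this example.)
type Release struct {
	Name      string
	Artifact  []byte
	Manifest  string
	Signature []byte
}

// Sentinel errors so callers (and tests) can tell which level failed.
var (
	ErrBadSignature = errors.New("manifest signature does not verify against publisher key")
	ErrNotListed    = errors.New("artifact name not found in manifest")
	ErrDigest       = errors.New("artifact digest does not match signed manifest")
)

// Publish runs on the project's release machine: hash the artifact, write
// the manifest line, sign the manifest. Ed25519 stands in for the PGP
// signature a real project would use (assumption of this example).
func Publish(priv ed25519.PrivateKey, name string, artifact []byte) Release {
	sum := sha256.Sum256(artifact)
	manifest := fmt.Sprintf("%s  %s\n", hex.EncodeToString(sum[:]), name)
	return Release{
		Name:      name,
		Artifact:  artifact,
		Manifest:  manifest,
		Signature: ed25519.Sign(priv, []byte(manifest)),
	}
}

// Verify runs on the downloader's machine with a publisher key obtained
// out of band (not from the mirror). Level 1: the manifest signature, so a
// rewritten manifest is rejected. Level 2: the artifact digest against the
// now-trusted manifest, so a swapped binary is rejected.
func Verify(pub ed25519.PublicKey, r Release) error {
	if !ed25519.Verify(pub, []byte(r.Manifest), r.Signature) {
		return ErrBadSignature
	}
	want, ok := lookupDigest(r.Manifest, r.Name)
	if !ok {
		return ErrNotListed
	}
	got := sha256.Sum256(r.Artifact)
	if !bytes.Equal(got[:], want) {
		return ErrDigest
	}
	return nil
}

// lookupDigest parses "<hex digest>  <file name>" lines as sha256sum emits them.
func lookupDigest(manifest, name string) ([]byte, bool) {
	for _, line := range strings.Split(manifest, "\n") {
		fields := strings.Fields(line)
		if len(fields) != 2 || fields[1] != name {
			continue
		}
		d, err := hex.DecodeString(fields[0])
		if err != nil || len(d) != sha256.Size {
			return nil, false
		}
		return d, true
	}
	return nil, false
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed stand-in for a release tarball.
	rel := Publish(priv, "release.tar.xz", []byte("constructed release bytes"))
	fmt.Println("genuine release:", Verify(pub, rel))

	// A mirror swaps the binary but serves the original signed manifest.
	swapped := rel
	swapped.Artifact = []byte("constructed release bytes, backdoored")
	fmt.Println("swapped artifact:", Verify(pub, swapped))

	// The mirror also rewrites the manifest to match, but cannot re-sign it.
	sum := sha256.Sum256(swapped.Artifact)
	swapped.Manifest = fmt.Sprintf("%s  %s\n", hex.EncodeToString(sum[:]), rel.Name)
	fmt.Println("swapped artifact and manifest:", Verify(pub, swapped))

	// The mirror signs its own manifest with its own key: wrong key, rejected.
	_, mirrorPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("re-signed by mirror key:", Verify(pub, Publish(mirrorPriv, rel.Name, swapped.Artifact)))
}
```

The order of the two checks is the point: the digest in the manifest is only worth comparing against once the signature over the manifest has been verified with a key that did not come from the same place as the download. A mirror that can replace the binary can replace a plain checksum file just as easily; it cannot produce a signature under the publisher’s key.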
Virtually non-existent, and if it did, it’d be caught faster (and it’d be transparent). Unlike closed-source software, where you would never find out if there was bad code (see Apple’s cloud disaster that resulted in the hack and publishing of private images of celebrities), our code is open source, so developers are constantly checking it out to see what’s going on. Furthermore, commits are reviewed before being pushed to the public; only trusted and experienced developers have commit access.