Comment by Blikkentrekker

3 years ago

I often notice after the fact when it blows up.

Consider the situation with XScreenLock in Debian when it was found that the code had a timer in it that bugged people to update when using an unsupported version. Once the timer reached this point and many received this update, Debian immediately patched it to remove it as many found it annoying and it was a controversial move, but to me the most interesting part was that it was in the code, publicly; it was added at one point, and no one at Debian knew.

This timer that merely annoyed users into updating could just as easily have been serious malware that no one would have noticed that lay dormant to awaken at a set date.