Not right now. The burden of supporting that as open source would be too high.

Aw too bad. Specifically the glue between BoringTun and the iOS/macOS NetworkExtension API would useful to many developers, I suspect.

Why not release anyway (for transparency) but with explicitly no support?

If you don't trust them with a binary, you shouldn't trust them just because they posted source code somewhere. If they don't have the bandwidth to manage this as an open source project this is the right call.

There are plenty of companies who have released their source code but don't support it in the same way a typical community driven project like other open source projects do.

This is especially true for certain privacy and security focused applications. For example, Signal release their code, have quite a lot of users, and don't report an unmanageable overhead due to having released their source code.

It's not just a matter of trusting their intentions, it's a matter of knowing that their code matches their intentions. I trust OpenSSL (mostly, these days) and I always trusted the intentions of the developers, but if their code was not open it would not be half as secure today.

Because that doesn't really work. We put the code out there and people start working on it. You think we're going to be able to _not_ look at what's people are doing?