If it's open source, then git/svn/cvs pull a copy of the repo and read the code. No need to interrogate the guy.
While I understand what you're saying here, I can't help but think of how many times my co-workers asked me something they could have easily looked up via Google. I can easily extrapolate that to a border guard, especially if there's an added benefit of harassing a guy you don't like.
Oh I definitely get that. I've got a friend whose french daughter is often harassed coming into the US by immigration thinking she is an undercover nanny or something. I have no love whatsoever for the TSA (and the DHS for that matter)
My BS detector was pinging though that they even knew this guy had an open source project. If they were hassling him because of that, they had pre-knowledge of it and would know the answer to that question. If on the other hand they just pulled him out of the line and started giving him the 3rd degree because he 'looked like the type' and then got this 'crypto thing' and then tried to exploit that for some other reason, well that would be more like typical TSA protocol.
Even if they do have this knowledge, and even if they could just as easily find it through Google or some other publicly available mechanism, they are most likely just seeing if you'll incriminate yourself. Why do they ask me what I'm doing when entering a country or where I'm staying when I've already given this information to the airline before boarding the plane?
There's a whole line of reasoning behind their questioning tactics that extends beyond getting to the facts. That's why the best legal advice is simply to not say anything, because they are not in any way shape or form on "a quest for the truth".
While I understand what you're saying here, I can't help but think of how many times my co-workers asked me something they could have easily looked up via Google. I can easily extrapolate that to a border guard, especially if there's an added benefit of harassing a guy you don't like.