borktron

borktron t1_itslz64 wrote

While I'm generally in favor of well-understood and battle-tested open-source hw/sw, it's not really a panacea. How do you know the build of the open-source software hasn't been tampered with? How do you know that the physical machines actually in use conform to the open-source specs and haven't been tampered with?

Of course, you can mitigate some of those risks by allowing stakeholders to inspect, verify hashes of builds, etc. But that's a lot of human-factor stuff on top that you're absolutely relying on.

So even in an open-source hw/sw world, RLAs are still critical.

2
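The "verify hashes of builds" step the comment mentions, as an added illustration that is not part of the original thread: a small Python check that hashes a build artifact and compares it against a digest published through a separate, trusted channel. The artifact bytes and the expected digest here are constructed for the example; the point it makes is the comment's own, namely that the check only helps if the reference digest itself came from somewhere the verifier trusts, so the human-factor chain does not go away.

```python
import hashlib
import hmac

# Constructed stand-in for a build artifact (in practice: the installed binary).
TRUSTED_BUILD = b"voting-machine-firmware-v1.0\n" + bytes(range(64))

# Constructed: the digest a stakeholder would obtain out-of-band, e.g. from the
# project's signed release notes, NOT from the machine being inspected.
PUBLISHED_SHA256 = hashlib.sha256(TRUSTED_BUILD).hexdigest()


def compute_digest(artifact: bytes) -> str:
    """SHA-256 of the artifact as it exists on the inspected machine."""
    return hashlib.sha256(artifact).hexdigest()


def verify_artifact(artifact: bytes, expected_hex: str) -> bool:
    """Return True only if the artifact matches the independently published digest.

    hmac.compare_digest is used so the comparison time does not depend on
    where the two strings first differ.
    """
    return hmac.compare_digest(compute_digest(artifact), expected_hex.lower())


def tampered_copy(artifact: bytes, offset: int = 40) -> bytes:
    """Constructed example of a single-byte modification to the artifact."""
    data = bytearray(artifact)
    data[offset] ^= 0x01
    return bytes(data)


if __name__ == "__main__":
    print("clean build verifies:", verify_artifact(TRUSTED_BUILD, PUBLISHED_SHA256))
    print("tampered build verifies:", verify_artifact(tampered_copy(TRUSTED_BUILD), PUBLISHED_SHA256))
```

A mismatch tells an inspector that the deployed build differs from the published one; a match says nothing about whether the published digest was correct to begin with, which is why the comment treats this as a mitigation rather than a replacement for a risk-limiting audit of the paper record.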