
Right. We also know how to do code signing and deterministic builds so you could build it and ensure the code you see is what is being executed and that is what is certified.

It's just rather boring to get all the ducks in a row to do it.



Since when is any of that a requirement?


None of it is a requirement to work on the happy path.

To work as part of a reasonably secure platform that still allows people to develop on it and responsibly sell consumer hardware based on it, yes, it's necessary.


I'm a big fan of just getting it to work on the happy path. In this case, the rest of it sounds like doing extra work for no reason.

If you don't use the "happy path" builds, the choice is yours, and the consequences are your own. Simple as.


That tinkering attitude is the root of the problem in the Arduino ecosystem.

Just do things properly - it only has to be done by the vendor anyway, and no one else needs to touch it.


Welcome to the swamp of code certification testing. If I'm lucky to get sources, I also get a PDF describing the optimization flags allowed, and a checksum of every source file. It depends on protocol and domain, but it is very real.

Blobs are popular for a reason, and it's often for the sake of the user of the blob not the maker of the blob.



