[hackerb9]

Tough, but not insurmountable. Especially compared to the work of reimplementing GPG and actually having it be trustworthy. (They mention it is harder than they thought, but they are continuing on. That says to me they have not yet thought hard enough about it!)

Here's an idea: If you look at the metal ring on the Somu, you'll see it is actually two separate pieces with a small gap between them. In hardware, they are two touch buttons, but the software treats them as identical.

Maybe they could manufacture the Somu with the gap between them soldered closed. If someone wants to put it in "dev mode", they have to first cut the solder bridge apart.

I think that would satisfy the GPL3: user has ultimate control, but also meet the security concern that the user might not know the implications of what they're doing.