[Hasknewbie]

When I was working in the mobile industry, I was told repeatedly that a 100% FOSS phone would be impossible. Not only is the existing tech proprietary and patent-encumbered, even if somehow you could get past that your GSM radio must be certified before going to market. And if your radio is FOSS-based that means an end-user can toy with the baseband, therefore you will never get your cert, period. The stuff at the lowest level must locked down before being allowed on a public mobile network.

[awinter-py]

You can release reproducible signed builds that the user can verify. You can be open source without allowing users to upload new blobs.

You can still accept PRs and stuff.

[lperkins2]

This is what caused me to totally dump nvidia. Their new cards require signed drivers to enable boosting behaviour, and they are unwilling to build and sign the nouveau driver. It's not like it's hard to set up a buildbot...

[lstodd]

I wonder if you'd have to recertify after each pr merge

[toast0]

You would need to certify each signed release. Most likely, you wouldn't make a signed release for each PR, because of the time and expense involved, until you got to the point were changed were few and far between.

[amenod]

No, just before actually releasing it. Nobody cares about the code as long as it is not running on the devices.