Hacker News
by awinter-py 2424 days ago
You can release reproducible signed builds that the user can verify. You can be open source without allowing users to upload new blobs.

You can still accept PRs and stuff.

2 comments

This is what caused me to totally dump nvidia. Their new cards require signed drivers to enable boosting behaviour, and they are unwilling to build and sign the nouveau driver. It's not like it's hard to set up a buildbot...
I wonder if you'd have to recertify after each PR merge.
You would need to certify each signed release. Most likely, you wouldn't make a signed release for each PR, because of the time and expense involved, until you got to the point where changes were few and far between.
No, just before actually releasing it. Nobody cares about the code as long as it is not running on the devices.