by mrkeen
1917 days ago
> This argument about code inspection does not make sense to me.

It's about doing things in public. Not many people fit in a public courthouse, but court reporters can write down what happened and broadcast it to the public. Compare that to the FISA court.

> I don’t know if Free software makes software less secure but I don’t see how it makes it more secure

Without the source code, one can't even have an opinion on whether it's secure or not. I simply have to take the vendor's word for it.

> The author suggests greater use of code signing could help.

This is probably part of the solution. But who is signing what, and why? If Microsoft gives me a signed binary, all that tells me is that Microsoft vouches for their own binary.
Code signing is A Good Thing, in principle. But it's easily hijacked by bad actors to further monopolistic goals.