by talkin 644 days ago
Well, or it is important, and then you add the countermeasures. These countermeasures are quite easy to mess up, so doing the validation (on an ongoing basis!) MUST be part of the deal.

Or if you think it’s not important enough to do those assertions in CI, then it might be better to just reject the obfuscation attempts.

There’s no middle ground: doing the implementation without checks means you added complexity, you don’t know if security improved (or worsened!), and the release note might come down to a false sense of security.