[chickensong]

I get the social dynamics, and I agree that we need more signals to build trust, even if I disagree on this particular signal.

I think enhancing SDLC visibility could be valuable, which is somewhat related to your original suggestion, though I'm not sure how to validate something like that since workflows and tests tend to be unique. I suppose we have badges like 'build:passing' that aren't standard, but are somewhat adopted and show that some extra effort went into setting that up. It would be nice to have something a bit more standardized and verifiable though.

Anyway, I appreciate your engaged responses, and even if we don't see eye to eye on the LLM signal, I think we both want the same thing, which is increased trust in third-party software. I hope we get there someday, even if it seems we're moving in the opposite direction right now.