I agree with most of this. I think it’s worth noting that to sufficiently paranoid entities, any outside actor that has access to one’s system for any reason is a security risk. The risk can be both low and worth running, but the burden is in many cases on proponents to demonstrate this. (Unwillingness to engage with attempts to develop or test verification methods still seems like a red flag.)
I agree with most of this. I think it’s worth noting that to sufficiently paranoid entities, any outside actor that has access to one’s system for any reason is a security risk. The risk can be both low and worth running, but the burden is in many cases on proponents to demonstrate this. (Unwillingness to engage with attempts to develop or test verification methods still seems like a red flag.)