Comment Re:Almost. there. (Score 2) 156
and
This is not the main reason why it should be open source, nor is "open source" enough, unless we are using a definition compatible with the free software definition. In fact, both hardware and software should be free, documented, and open in order to justify the basic security and privacy claims the manufacturer is making.
As for "open source", the freedom to distribute modified copies (which is not clearly implied) is paramount to anything aspiring to be secure. If a bug is discovered, and a patch is available, the software will remain insecure if the authorized distributor refuses to apply the patch. Free software does not have this problem.
As for the order of your list, all the things you named are very useful indeed, but they are not worth crap unless the entire thing is free software, and the hardware is open and certified by third parties without special interests. One binary blob makes all security and privacy claims a lie, plain and simple. Not an honest mistake, not a misunderstanding: these people surely understand security, so when they start selling "secure" binary blobs, they will be lying through their teeth.