> Give the government a key to sign / certify parts.
Bad idea. Very bad idea. We've already seen malware campaigns where governments actually stole signing credentials such as Stuxnet, where the creators managed to get their malware signed by Realtek and JMicron certificates [1].
Bad idea. Very bad idea. We've already seen malware campaigns where governments actually stole signing credentials such as Stuxnet, where the creators managed to get their malware signed by Realtek and JMicron certificates [1].
[1] https://news.ycombinator.com/item?id=17101171