well that is direct! but from an outsider's point of view.. Isn't the larger picture that nation-states (USA) and federated countries (EU,UK) are requiring secure, signed and authoritative packaging for binaries that are deployed for national critical infrastructure and more. The laws of the EU requiring a public register of origin for software, each binary (?) So despite the direct language there, actually it can get worse, for example hypothetical Irish casino operators make a company that is the title holder to build secure binaries to spec, and it is a massive lawyer-fest and billing machine while things accumulate. Is this possible?