Making the code available doesn’t necessarily mean that you can actually flash the image since it can be cryptographically locked down. Or even you support flashing but only let you do certain trusted operations from a signed image.
Honestly, if you can't update the firmware you're in the same situation... knowing that you have a critical vulnerability and unable to fix it.
Enforcing trusted operations is definitely more work than they are going to do (if it's even possible to "do this right").
In a semi-ideal world, I would look for a vendor that permits only certain ops from a flashed image and hope that their crappy "restriction enforcing" code is also riddled with vulnerabilites so it's really just "follow the rules please".
going the pc route is fully embracing your hardware accept whatever software the user wants. not throw unbuildable source somewhere and make it impossible to use. that's the faux open source we have today when someone must comply with the gpl or something
I think you happened to miss the point about regulatory requirements that make this difficult/impossible to accomplish for the radio vendor. I think the proliferation of SDR is the only hope to change the broader regulatory culture but until that happens you're not going to see a shift.
I think it's also rich calling GPL compliance faux open source. There really is no true Scotsman.
Manufacturers of radios have to prevent the ability to behave in a non-compliant manner. One way of accomplishing that is preventing the user from updating software to non-official versions. Another is to prevent the small subset of functionality to be updated by non-official versions. This isn't a new requirement and has been around since forever.
