That's not to say that we shouldn't have verifiable builds (we totally should), but if we follow this line of logic we will never be able to call anything secure. By the time we have verifiable builds we will have identified other security risks that also need to be addressed.
Apps like Riot are secure compared to the majority of alternatives available today. Arguably we shouldn't use a binary term to describe that, but I'm sympathetic to the idea that consumers think in those terms and that it's not too harmful to use them. Other metrics typically don't see this kind of feedback (for example, you hardly ever see anyone complaining about someone marketing their app as 'fast', even though performance is also not binary).
Words like security and decentralization are indeed not binary, but referring to them as being on "a continuum" or something similar is not particularly helpful either. I wish I saw more application of them as modalities, such that they refer to not to a perpetual state but a systemic tendency toward an ideal (if asymptotic) structural equilibrium over time, as in "X tends toward greater decentralization", "tends towards greater security" over time.
Even better if these claims could be backed, if not by a formal proof, at least an informal definition of these terms as used in the claim and reasonable justification as to why the models being promoted would not tend to collapse into greater centralization, weaker security over time.
It's unfortunate that you posted this comment in a nearly drownvoted thread under a story submission about a product announcement.
You make a very interesting point about recognizing whether the tendency of a group coordination model is to drift toward one of the poles of centralization over time (not sure I follow that same reasoning with regard to security though).
This comment would have been much more relevant had it been made in the other story about making efficient decisions in a flat hierarchy.
That's not to say that we shouldn't have verifiable builds (we totally should), but if we follow this line of logic we will never be able to call anything secure. By the time we have verifiable builds we will have identified other security risks that also need to be addressed.
Apps like Riot are secure compared to the majority of alternatives available today. Arguably we shouldn't use a binary term to describe that, but I'm sympathetic to the idea that consumers think in those terms and that it's not too harmful to use them. Other metrics typically don't see this kind of feedback (for example, you hardly ever see anyone complaining about someone marketing their app as 'fast', even though performance is also not binary).