> The code is being shown to selected individuals deemed suitable and then they're telling me by way of proxy.
That is incorrect! The binaries are public and inspectable by anyone. The tools for doing it are bundled right into macOS -- like literally on every consumer's machine.[1]
Furthermore the protocol for connecting to a PCC node involves cryptographic proof that it's running a published binary.
Binaries != code. A security professional cannot evaluate a remote service by inspecting the binary that (supposedly) runs on a remote system. Even under ideal conditions it's a move that proves you still have something to hide by not just showing people the code that your architectures running on. It's as if Apple will do anything to prove their innocence except removing all doubt.
That is incorrect! The binaries are public and inspectable by anyone. The tools for doing it are bundled right into macOS -- like literally on every consumer's machine.[1]
Furthermore the protocol for connecting to a PCC node involves cryptographic proof that it's running a published binary.
[1] https://security.apple.com/documentation/private-cloud-compu...