Comment by bee_rider

It would be nice for the community, so they can at least try to fix things.

But mostly, I think it would clarify the responsibility and obligations for support. Obviously a device which hasn’t been opened up can’t possibly be the responsibility of the user, who is locked out and unable to administer it. By default manufacturers should be responsible for the things they manufacture and should have an obligation to make sure they are reasonably free of defects. Devices with known security vulnerabilities are defective.

If they want to release themselves of that responsibility, they should have to actually make it possible for somebody else to pick it up.