The dev managed to answer everything put to them with alacrity. The question of code quality was of no consequence as even ugly code can work, and it's got more eyes on it than closed source.

In my threat theatre this device is far more than adequate for securing GitHub, GOOG, and a couple of GPG/ssh keys.

Should I ever becaome a spy, I'll probably revert to speaking to strangers about how red sparrows fly at certain times of day again.