My mental model is that requiring updates to be signed delivers a lot of security bang for your buck. Do you disagree?

An attacker can still steal the private key, or identify a flaw in the signature checking code. It looks like there are a variety of other, more constrained attacks: https://theupdateframework.io/docs/security/#attacks-and-wea... But overall, it seems to me that you can make an attacker's life considerably more difficult, for a comparatively small effort.

Yes. I wouldn't be burning write access to Dell's update servers on something so unlikely to achieve an objective.

I can't help but wonder if this requirement if secrecy for a big bang marketing event that is called wwdc is to blame as well. At least the different teams working in the same product should have access to the complete product, right?

I don't use a Mac so I can't exactly cite specific issues I've had. But I've definitely seen a lot of them posted and reported on HN, ArsTechnica, Reddit and other places

Due to how small Apple's hardware list is, issues directly impact a much larger percentage of their userbase

I've tried gnome-firmware (same backend) on literally every linux system I've ever owned and have never seen an available update for any of my hardware.

The Berkeley Software Distribution (BSD) part of the kernel provides the Portable Operating System Interface (POSIX) application programming interface (API, BSD system calls), the Unix process model atop Mach tasks, basic security policies, user and group ids, permissions, the network protocol stack (protocols), the virtual file system code (including a file system independent journaling layer), several local file systems such as Hierarchical File System (HFS, HFS Plus (HFS+)) and Apple File System (APFS), the Network File System (NFS) client and server, cryptographic framework, UNIX System V inter-process communication (IPC), audit subsystem, mandatory access control, and some of the locking primitives.[7] The BSD code present in XNU has been most recently synchronised with that from the FreeBSD kernel. Although much of it has been significantly modified, code sharing still occurs between Apple and the FreeBSD Project as of 2009.[8]

Crucifixion? Really? Come on now...

I paid Dell a bunch of money for a laptop. They pushed a bios update, that ubuntu kindly relayed to me that meant when I closed the lid and put the laptop in my bag as I sat beside my daughter's ICU bed, it fried the motherboard. No really. That was the /purpose/ of the bios "upgrade." Warranty after they remotely fried my machine? No, because it worked as designed.

So yeah going bayesian given none of us can be 100% sure about anything, my prior on Dell is they suck donkeys' gonads on all levels. Competence, honesty, service, everything - until evidence shows otherwise and I've just told you why.

Why is your prior that Dell are competent even when evidence suggests otherwise?

That still wouldn’t excuse that someone clearly didn’t verify their work. No matter what the reason, ownership of this task was released before it should have been.

Dell is a large player in storage integrity for servers for exactly this purpose.