
Comment by zepto

4 years ago

This is clearly a good thing to do and supporting those projects is great.

So far though, they do nothing to solve the problems we are talking about. The software is not anywhere near audited, and even if it were, you are still interacting with people and services who are using unaudited software.

> The software is not anywhere near audited

Many of the projects leverage a well-known OS as their base (e.g. pmOS uses Alpine Linux, Mobian uses Debian), and actively ensure that anything that can be upstreamed is upstreamed. So it's not like you're downloading some random ROM off of XDA.

  • That doesn’t make the system audited. The obvious reason we don’t hear more about the weaknesses is that no high value targets are using these systems, so it’s not worth exploiting them.

    • Um, these distros are normally used to run like half the Internet; they are very valuable targets today, and I don't think putting them on a phone changes the threat environment so much.
