Comment by gtsop

Note that this patch would have to be sent out to all users though, since I don't think there is an authentication mechanism that lets them send out different upgrades to different users.

And if your whole business is a secure OS, it's a very risky proposition: you get caught doing this once, and your reputation is gone forever.

Your example is a strawman, as a determined enough actor, especially a security expert(s) like GOS developers could pull it off and get such patch / exploit. The probability is not zero. It will probably not be obvious to spot, would be spread over multiple files of code that don't necessarily relate to each other at first glance, as many documented CVE illustrated (one that comes to mind given HN context is the XZ utils backdoor from last year for e.g.)

Rossmann himself has no confidence to audit the code, so why take the risk ? Good enough reason to be "paranoid", or at least feel uneasy about it if you ask me.

> This isn't even possible given how updates on GrapheneOS work. The update client doesn't send identifiers to the update server, and the update server only hosts static files.

> Rossmann either doesn't understand this, or he made it up to get more views, or possibly to entertain fellow Kiwi Farms members.

Expecting a layman to know that is not reasonable. The argument is not about the GOS updates work in practice. It is about the "perpection", from Rossmann's perspective that the lead dev of the OS is hostile against him. Humans are not purely rational machines, and given the choice of either 1) spend hours auditing source code and updates pipelines (every release ?) and 2) stop using it for critical purpose, the latter is the easier choice, especially for a busy person like him.

> To be honest, I don't think that he didn't understand that he couldn't be targeted. He continued using GrapheneOS for months after the video. As I understand it, it was clear in a few videos months after the initial video was published.

For all we know, he is using it on his secondary device where he has removed what he deems critical. Again, Rossmann NEVER said "don't use Graphene OS", or "Graphene OS lack security" or anything of the sort. If anything, even after that video, he kept recommending GOS whenever he talked about privacy.

His argument is that he did not feel safe knowing using software from a hostile developer; and that he can't be bothered / not qualified to audit the code well enough to make it worth it (which is reasonable if you ask me, and I dare say most people).

Edit: > Rossmann either doesn't understand this Again, I agree with you here. He does not understand. He trusted the developer(s) to know what they are doing, but they broke that trust by being unreasonable, to say the least. He is under no obligation to understand. As for what you stated after that, I won't comment on it as I don't read minds, and pretty sure neither do you.

> You mean who tried to hijack the project in a very questionable direction, harming their users, he rather lighted the project on fire then let the users' security be compromised? > If anything, that is the greatest compliment you could give him.

On one hand, sure it can be a compliment. On the other hand, it only increases the perception that he is could enact significant harm if he ever comes after you.

> Also, this is fud that he can push any kind of code, like you can easily check any part of the pipeline.

Who is "you" ? Neither Rossmann, neither me (software dev albeit not in cybersecurity), and even less so the average GOS user, and I would venture to guess that neither you can audit GOS code with enough confidence to declare that the risk of an exploit or backdoor being introduced is zero. Open-source is not a guarantee that code or software is secure (for e.g. CVE in xz utils and many such cases).

Edit: some clarifications.

> This is on a level of "5G causes autism" understanding of the topic

That sums it up perfectly

[flagged]