Comment by getpokedagain

21 hours ago

As someone not deeply involved in FOSS I am starting to get the absolutist mindset.

I run Graphene on my phone and this new restricted security patch limit by Google is nothing short of a shit show.

Can you shed light on this new patch? Does it hinder your freedoms as a user of GrapheneOS?

I wonder if switching to a Jolla C2 [0] is a reasonable alternative.

[0] https://commerce.jolla.com/products/jolla-community-phone

  • Google recently changed their security policy regarding Android, where there's now a 3-4 month delay between when OEMs get access to security patches and when they're posted to AOSP (it was previously 1 month). The patches are broadly distributed to OEMs, so there's no significant barrier to attackers and companies like NSO Group and Cellebrite obtaining them. GrapheneOS has access to the patches, but the embargoed nature means they're not able to publish the patch source code or any details about what vulnerabilities are being patched. This means that GrapheneOS users are forced to choose whether to opt into the closed source patches and get recent vulnerabilities patched, but lose out on having an open OS.