Comment by mendelmaleh
8 hours ago
One thing that bothers me is the seeming lack of transparency about who is running GrapheneOS. Daniel Micay supposedly stepped down, so who is calling the shots now? Who runs the CI? Who owns the update servers and signing keys? Who am I trusting?
The directors of the the GrapheneOS Foundation and the other things you're talking about are public information. I stepped down as lead developer due to relentless harassment preventing me from being productive. The same people targeting me with harassment misrepresented what was happening.
You shouldn't get info about GrapheneOS from Hacker News comments especially when multiple regulars here are part of the attacks on GrapheneOS. Hacker News permits people to freely engage in libel and harassment towards me on nearly every post about GrapheneOS.
Thank you, to you and the rest of the team, for your work on GrapheneOS!
If I may make a suggestion: as GrapheneOS becomes more popular, perhaps it's time to better establish users' trust in the control over it.
When the project was primarily you, who was already known for technical prowess and a principled exit from a different project, that was enough for many enthusiasts.
But as both the team and the user base have grown (and, secondarily, the outside world has become less stable), a new infusion of confidence in trustworthiness would help.
I'm not sure how to do that, but it may include communicating who is involved (not just names, but why they should be trusted), and what safeguards there are against mistakes and compromised/rogue individuals.
I say this because GrapheneOS may be the best candidate for a trustworthy smartphone platform right now, and I hope for the best followthrough and success of that.
[flagged]
Seems like you’re proving his point. From what I can tell he founded the project and was bullied into leaving on social media. Happy to update my view if there’s additional information.
3 replies →
Daniel Micay is still running the project despite announcing he'd step down a while ago. You can see the entire team on their Github
The directors of the the GrapheneOS Foundation and the other things you're talking about are public information. I stepped down as lead developer due to relentless harassment preventing me from being productive. The same people targeting me with harassment misrepresented what was happening.
You shouldn't get info about GrapheneOS from Hacker News comments especially when multiple regulars here are part of the attacks on GrapheneOS. Hacker News permits people to freely engage in libel and harassment towards me on nearly every post about GrapheneOS.
I'm aware of what happened, and I'm getting GOS news directly, not from HN. However, you're still the biggest contributor of code to GOS (judging by commit history). That's what I meant.
1 reply →
That is a pretty poor and disappointing reply to be honest.
They asked a reasonable question and you barely even responded to anything they asked. The community deserves a response to the question.
What with this new chapter, it might be better for someone else to handle PR and comms for the project
(Signed, passionate GrapheneOS user of a few years)
For what I understood is that he's just stepped down as lead developer.
You're correct. Dmytro Mukhomor is the lead developer of GrapheneOS.
What I find particularity odd is that on their donation page [1], Daniel Micay's personal Github account is linked as a donation option (using Github sponsors).
(I opted to donate via bank transfer instead, because that is at least addressed at the GrapheneOS Foundation, not one specific member.)
[1] https://grapheneos.org/donate
Without criticizing or implying any conspiracy theories, I did find it odd where the news release quoted "a spokesperson at GrapheneOS" without attributing it.
We badly need alternative(s) like GrapheneOS, and I want to see it succeed. I hope as the project matures, the sense of professionalism and stability it projects will strengthen. For what it's worth, I personally feel the business partnership is a step toward that end, and am really happy to see some manufacturer diversity.
They also have an overly reactive social media presence, somewhat similar to what ffmpeg has. Could end up being bad PR for Motorola.
Funnily enough that same social media person has some odd ideas about trust and PKIs.
>some odd ideas about trust and PKIs.
Can you explain what you mean?
+1 This complete lack of transparency is the same gripe I have with the Signal Foundation.
FWIW, https://ised-isde.canada.ca/cc/lgcy/fdrlCrpDtls.html?p=0&cor... lists three directors for the GrapheneOS Foundation: Khalykbek Yelshibekov, Daniel Micay, and Dmytro Mukhomor.
How so wrt Signal?
What are donations being spent on, who makes those decisions, what's the roadmap, what's up with MobileCoin, why the hell do they put so much trust into Intel SGX when there are so many known vulnerabilities, …
I've been a Signal/TextSecure user since day one and have convinced many dozens of people to switch to Signal but, man, they don't exactly make it easy to be a fan.
2 replies →