zlacker

[return to "Cops say criminals use a Google Pixel with GrapheneOS – I say that's freedom"]
1. 2OEH8e+Mf[view] [source] 2025-07-23 14:53:50
>>pabs3+(OP)
I don't trust Graphene but I want to. Who are the devs and who are their sponsors? I worry about supply chain attacks. Why should I trust their supply chain and anon devs?
◧◩
2. kytazo+Ji[view] [source] 2025-07-23 15:07:24
>>2OEH8e+Mf
You don't trust the devs, you trust the public code
◧◩◪
3. 2OEH8e+Vi[view] [source] 2025-07-23 15:08:27
>>kytazo+Ji
Unless you build it yourself you do trust the devs. You aren't running public code on your phone you're running compiled binaries. Compiled by who? How securely? Who has keys?

It's also a leap of faith to assume that public code is any safer.

◧◩◪◨
4. Aachen+wn[view] [source] 2025-07-23 15:32:40
>>2OEH8e+Vi
You're not wrong that one needs to have some trust in the devs of open source code, but if you are this level of paranoid then having the code available is essential to your threat model because it allows you to build it yourself so you know what you're running. Nobody can audit everything, but if enough people are involved in the development, they would all have to collude (or the malicious one has to hope they get lucky) since each one of them has a chance to spot when one of the developers were to be malicious
◧◩◪◨⬒
5. 2OEH8e+xt[view] [source] 2025-07-23 16:04:34
>>Aachen+wn
My point is if I don't trust Google why should I trust anons and anime characters more?

I was hoping someone could give me more than "it's public."

◧◩◪◨⬒⬓
6. Aachen+t91[view] [source] 2025-07-23 20:00:17
>>2OEH8e+xt
Sorry, it is what it is
[go to top]