zlacker

[return to "Graphene OS: a security-enhanced Android build"]
1. usuall+8q[view] [source] 2025-07-25 01:05:34
>>madars+(OP)
I was tempted to use this but when I looked into the team behind it there seemed to be some issues as exposed by Louis Rossman here: https://youtu.be/Dl1x1Dy-ej4.

Instead, I installed CalyxOS and have been using it over a year now and I'm very happy with it. Check it out.

◧◩
2. onli+AT[view] [source] 2025-07-25 06:19:27
>>usuall+8q
You are exactly right. To summarise for those who do not want to watch a video, the video shows communications with Graphenes lead developer in which he was extremely hostile and threatened Rossman. It also goes into how said developers hallucinates being attacked by specific other sites, like a Linux YouTube channel that obviously did nothing to him. His goons then attack those projects.

You have to be aware that you give that person root when you use Graphene. All possible technical improvements aside this is a very big risk. He claimed he would step back after the video released, then called that a lie and continued with everything.

Calyx seems to be the best alternative right now without such a risk factor.

◧◩◪
3. gtsop+dY[view] [source] 2025-07-25 07:04:55
>>onli+AT
Can you elaborate on why this is a risk factor? What do you mean by saying we're giving him root? If a person is paranoid of being chased i would expect them to put even more effort into the security of the OS he develops, not to add backdoors. But please expand your own reasoning.
◧◩◪◨
4. onli+9Z[view] [source] 2025-07-25 07:13:09
>>gtsop+dY
Well, he can do everything to your phone, software and data by pushing software updates. When there was a dispute in the former project copperhead he deleted the cryptographic keys, blocking software updates. Paranoia could result in just making the system more secure, but why not add a backdoor to find the spies in your userbases that communicate with the black suited men that secretly run our government? After all it is easy, they all play a specific game where they communicate via secret messages in chat.

You just don't know what will happen is what I'm saying.

The "he has root" is also a reference to ubuntus shuttleworth.

◧◩◪◨⬒
5. gf000+Q31[view] [source] 2025-07-25 07:57:36
>>onli+9Z
> when there was a dispute in the former project copperhead

You mean who tried to hijack the project in a very questionable direction, harming their users, he rather lighted the project on fire then let the users' security be compromised?

If anything, that is the greatest compliment you could give him.

Also, this is fud that he can push any kind of code, like you can easily check any part of the pipeline.

◧◩◪◨⬒⬓
6. bernou+N51[view] [source] 2025-07-25 08:19:37
>>gf000+Q31
> You mean who tried to hijack the project in a very questionable direction, harming their users, he rather lighted the project on fire then let the users' security be compromised? > If anything, that is the greatest compliment you could give him.

On one hand, sure it can be a compliment. On the other hand, it only increases the perception that he is could enact significant harm if he ever comes after you.

> Also, this is fud that he can push any kind of code, like you can easily check any part of the pipeline.

Who is "you" ? Neither Rossmann, neither me (software dev albeit not in cybersecurity), and even less so the average GOS user, and I would venture to guess that neither you can audit GOS code with enough confidence to declare that the risk of an exploit or backdoor being introduced is zero. Open-source is not a guarantee that code or software is secure (for e.g. CVE in xz utils and many such cases).

Edit: some clarifications.

[go to top]