zlacker

>>wicket+(OP)
While I share the concerns about Android, it feels silly to me to go back to Linux's (nonexistent) security model and bad mobile UI/UX. Why not try to fork AOSP or GOS (for broader device compatibility, even if it means giving up some its sexy security properties)?

Note that this could include packaging Linux GUI applications as Android APKs (with some additional glue code and Wayland/DBus integration of course), so it's not even an either or.

>>codeth+sZ
> I share the concerns about Android

> Why not try to fork AOSP or GOS

Which concerns do you share? Both AOSP and GOS must follow the Google development strategy, they aren't exactly independent on Google (which is a problem: >>45208925 ). Nevertheless GOS on Librem 5 or Pinephone would be a nice idea, except the GOS developers are against that: >>45101400

> Linux's (nonexistent) security model

Linux's security model is based on trusting the software you're installing from the FLOSS repositories, and it works very well.

>>fsflov+0m1
> Linux's security model is based on trusting the software you're installing from the FLOSS repositories,

That's not a security model, and we don't live in fairyland.

Just take a look how well this works with npm packages. It just so happens that emacs plugins are not the most worthwhile target for attackers.

>>gf000+2s1
> npm packages

This has nothing to do with what I said. npm is not a trusted or a FLOSS repository.

> we don't live in fairyland

When did you see a malware in Debian's repositories last time?

>>fsflov+Ks1
https://en.wikipedia.org/wiki/XZ_Utils_backdoor

>>jovial+dz4
It never came to Debian and was a work of a tremendous effort. This almost never happens, and when it does, practically nothing can protect you.