But Debian has security updates and you can set up unattended upgrades.
lemmeee
joined 11 months ago
You are right that some projects are more likely to have vulnerabilities than others. But at least with libre software any expert can look into it, fix it and distribute the patch to others.
I don't have much hope for RISC-V, since most SBCs that use it seem to require a custom Linux kernel, so it's the same problem that we have with ARM. Maybe things will get better at some point, but unfortunately most people don't seem to care. I haven't heard of Redox before. It looks interesting, but it's a shame that it's not under a GPL license.
But right now GrapheneOS even despite proprietary hardware is the best option security-wise
Maybe you are right and Graphene with F-Droid is the most secure option. I don't think it's necessary to have all of its features, since we don't have them on desktop either, but it would be nice to have them on mobile for sure.
unless you’re willing to tinker with hacking together some RISC-V SBC-based device (which might even have better battery life than most smartphones by up to 60%!)
That's crazy! Is RISC-V so much more efficient than ARM?
And forget compiling any Rust code on the currently available RISC-V CPUs
Is that not possible?
AOSP is not proprietary.
I never said that it was.
Also security is not achieved merely by the merit of being libre, see CVEs for sudo, glibc or Apache HTTP server or even the Linux kernel itself.
Being libre is the basic requirement to even being considering something as secure, but it is not enough by itself. I agree.
And when it comes to proprietary firmware updates, in case of x86 one such notable example is the microcode which is pretty important to keep updated for security.
Generally that's what people say, but is it really that simple? A new firmware version might fix some known vulnerability, but its developers might have also introduced a new one on purpose. So a known vulnerability might have been fixed, but you might have gotten a new one that isn't yet known. So I don't know if that's really so much better. Also I assume that the only way to exploit those vulnerabilities is through malware? But if you only run free software, the risk of getting malware is very small.
There seems to be some progress with the call audio issue, so it might get fixed soon. As for WhatsApp you can probably run that with Waydroid (but eventually you should switch to some free software messenger).
The keyboard addon helps a lot, but it makes the phone big and heavy. I wonder what it's like with those extended battery cases that you can buy or 3D print.
I haven't used postmarketOS, but I don't see why it would be any better than Mobian or Manjaro (Manjaro might not be the most stable though). Maybe you are talking about Android phones, in which case you are probably right - other distros might not support those so well. postmarketOS and other distros don't use mainline Linux, so I don't know why you would call them that, though. For me this is the biggest flaw of GNU/Linux phones.
I know that postmarketOS developers contribute a lot in different areas, but so do Mobian developers. I think the kernel we use was initially developed by Megi.
That's what I thought and it seems like even those SoCs didn't have very good mainline Linux support.
Edit: I wonder if it would be possible to take some newer Rockchip SoC and underclock it so that it uses less power? Maybe that would help a little and it would still probably be faster than PinePhone Pro.
There used to be Nitter project, but it seems to be dead.
If he's so smart, why can't he use GNU/Linux?
But why run another proprietary operating system?
The phone doesn't listen into your conversations or read your emails. The company isn't using your every move to feed machine learning algorithms. You are not the product.
How would the author know? It's a proprietary operating system.
The people in the bus are the users of free software projects that depend on proprietary CUDA libraries.