The Librem 5 doesn't meet the basic security expectations of GrapheneOS including having full security updates. It will ship on day one with serious vulnerabilities and no way to fix them. Similarly, it doesn't meet a lot of other standard privacy/security expectations either.
Conversation
This Tweet was deleted by the Tweet author. Learn more
It's a hard requirement for devices to meet certain basic security standards including having full security updates and meeting the other industry standards. GrapheneOS won't provide official upstream support for hardware targets significantly less secure than the status quo.
1
1
GrapheneOS can certainly be ported to the device. However, it does not meet the requirements needed to provide a real GrapheneOS device. It will never receive official support. If a future generation meets the basic security standards, that could change, but it likely never will.
1
1
This Tweet was deleted by the Tweet author. Learn more
They aren't going to do that. The choices are deliberate. I've already talked to them in the past when they were trying to use my project as a way to promote it by announcing an empty partnership, as has been done in many other cases. I'm not excited about rolling back progress.
1
This Tweet was deleted by the Tweet author. Learn more
I don't know how it lines up with other things. I stopped following it early on when it became clear to me that they were going to keep spreading misinformation and making dishonest claims, along with taking an approach to the design that's inherently misleading / dishonest.
1
1
See this thread and the responses to the replies by twitter.com/marcan42/statu. They've gone out of their way to turn it into more of a black box and to prevent updating firmware, including preventing shipping full security updates. GrapheneOS can't officially support it.
Quote Tweet
Link to the story from @Puri_sm. The fact that their engineer had to design that horrible nonsense workaround with a straight face and write the blog post to top it all off makes me sad. puri.sm/posts/librem5-
Show this thread
1
1
They spend their resources on making the device less secure, making dishonest / harmful marketing and developing a new mobile software stack offering drastically less privacy / security. It's presented as being about privacy and security but that couldn't be further from truth.
1
1
They've spent several years making false / dishonest attacks on other products / projects. I was initially a supporter before I learned more about the company and their plans for the hardware. They could have focused on at least matching status quo privacy/security but didn't.