You're bringing it up at the same time as Pine64 which has similar technical issues but without nonsense from the company / leadership including lots of harm. It's also a bad target, with no sign of ever wanting to make a good one, but at least they don't lie and cause harm.
Conversation
IMO Librem5 has better hardware but the marketing and misrepresentation of it is a black eye to be sure.
Still if forced to pick between them or Google right -now- while we spend a few years making long-term sustainable/secure hardware I take Purism.
2
You can't make a device with decent security based on it and it's far from being able to run a fully functional AOSP particularly with the security features supported (but far beyond that) so not sure what you plan on doing with it.
1
At least Pine64 doesn't have deliberate anti-security measures and anti-security policies / ideology. It's just not technically advanced in that regard so it's far behind the status quo / industry standards (applies to both) but the reasons are better (lack of resources).
2
Anyway, if you want to support charlatans it doesn't just mean definitely not having my support, but I'll actively oppose it.
Really not interested in building something offering trash tier security and robustness along with even worse usability.
Not a long-term path either.
2
Again. I just need something maintainable I can run in my pocket today at least as secure as my laptop.
Pixels are a dead end.
Long term I want exactly what you describe but until thaf project actually breaks ground I have to hack ogether the least bad of terrible options.
1
What you're talking about is already dead on arrival: remotely exploitable over the air via known vulnerabilities without being able to provide over-the-air patches for the issues.
What's not terrible about rolling back security so much + not having updates?
2
What's not a dead end about building on a product from an incredibly dishonest company that's actively against security?
How are you going to make something usable out of AOSP on that? Not even sure how it overlaps with anything to do with security when it'll be so much worse.
2
You're really going to develop a whole proper Treble implementation, a bootloader with A/B updates, recovery and everything else that would have to be done, just to have a far from fully functional AOSP platform with far less security? I really can't understand. Way harder too.
1
Don't see how you think that's easier or how you plan on even providing full security updates at all when the product is deliberately designed to stop you from doing it... and they aren't fully available regardless. You talked about doing this before and make it sound so easy.
1
Maybe that is what people want to buy as a product with the right marketing and BS applied. Hard to see how it's genuinely useful or a good option. At least target the Pinephone or one of the other projects like it (there are several others in various stages) instead...
The Librem5 is better hardware imo and the baseband and wifi are user upgradable so I can swap in better ones as driver issues are resolved.
It is just a tiny Linux laptop to me for now.
1
I likely won't even bother with AOSP on it. I just need to be able to use matrix and a browser on the go.
I need something very low investment that is easy to work on that I won't trust with much.
Long term I want what you want. We actually are on the same page there imo.