I started with what I could do which is get a good deterministic build baseline... And I can't even keep up with that. Google closes bugs I file for determinism. They don't care.
AOSP seems too big to review or maintain in the way I want an OS reviewed and maintained. That sucks.
The Linux kernel is far beyond doing any kind of serious auditing / review, and there are not people even attempting to do that across it. Even Linus lacks a grasp of it as a whole. Chromium or any other functional browser engine is the same situation. What do you plan to ship?
You are preaching to the choir on these points.
I'll use the Linux kernel today because it is the least bad most audited thing that works.
Once I have an MVP I can try to use a microkernel the community can hope to audit.
I would love a seL4 feature phone, for instance.
The truth is, I 100% agree with you. When there are millions of lines of code it is a black box the community will never be able to fully review.
This conversation has made me now double down on wanting to get a feature phone with as little code as possible that can be audited.
The whole idea of ever having fully community reviewed and open devices without single points of failure when there is 250gb of source code to build android... who has time to build it let alone review it?
The leaner the tree, the better chance of useful decentralized review.
> there is 250gb of source code to build android
No, there isn't.
> who has time to build it let alone review it?
How exactly do you plan on doing any meaningful review of the Linux kernel, which no one else is doing either? Also, a browser engine has more code + more time to build.
You are not hearing me. I agree with you.
I want to start ripping things out, and eventually rip out the kernel too.
The modern smartphone approach has too much bloat to ever be fully reviewed or trusted in the way I want.
Yeah, and so does Linux, or Chromium. You certainly can't use an ARM SoC which is actually largely a black box (unlike a closed source library where you have all the unobfuscated, simply compiled code, and could review it in that form, which may even be better for your goal).
So, no web browser with what you want to do, and definitely no massive monolithic kernel with immense intertwined complexity like Linux. It's far harder to review Linux than even 10x or more code spread out into small components with clear boundaries and APIs.
You seem to have a very warped idea of how code review works and what it accomplishes, especially if there is actually supposed to be understanding of the code as a whole, and full review of all of it. That's just not realistic for a project like Linux or a web rendering engine.
No team is ever going to be able to fully review and understand a project like Linux. It is beyond human understanding / capabilities. It's immensely complex without clear boundaries between different things. No one is even attempting to do any kind of full picture review of it.
There is some basic code review for patches. It's often very lax and the reviewers don't come close to fully understanding what they're signing off on and reviewing. Can't even imagine actually doing that for the project as a whole, not just the changes being done for it.
As I have said several times now, I do not think anyone stands a chance of fully reviewing or auditing the Linux kernel.
I do however see that as a placeholder while everything else gets stripped down.
I want the Linux kernel replaced with a microkernel.
It's not something that can simply be replaced with a drop-in replacement unless that includes running the Linux kernel on top of it or using gVisor which is what we are considering doing in the long term for GrapheneOS. You'll be building around how Linux and *nix works.

