No team is ever going to be able to fully review and understand a project like Linux. It is beyond human understanding / capabilities. It's immensely complex without clear boundaries between different things. No one is even attempting to do any kind of full picture review of it.
Conversation
As I have said several times now, I do not think anyone stands a chance of fully reviewing or auditing the Linux kernel.
I do however see that as a placeholder while everything else gets stripped down.
I want the Linux kernel replaced with a microkernel.
1
It's not something that can simply be replaced with a drop-in replacement unless that includes running the Linux kernel on top of it or using gVisor which is what we are considering doing in the long term for GrapheneOS. You'll be building around how Linux and *nix works.
1
1
If app compat with an existing platform is a non-goal, it doesn't really fit. There are projects and companies developing devices meant to be secure in a much more meaningful way. I do not think it can be built on the Linux kernel, and definitely not any major Linux distribution.
2
1
If the Linux kernel is the core of the OS, then I don't think all this concern about the possibility of backdoors, etc. makes much sense at all. There are far bigger problems. There are plentiful critical severity code execution bugs and it's probably getting worse, not better.
2
Every major release of the Linux kernel adds substantial complexity and attack surface. Components get increasingly complex with the focus on ever increasing features and performance through complexity. Added mitigations hardly accomplish anything in the grand scheme of things.
2
I very much hope you go down this path towards Linux+free GraoheneOS. It seems like our end games are not far off though we will likely start from different ends of the stick. Your users want to support APKs and my user... me... doesn't need that overhead.
1
Ultimately, I don't think there's really enough demand / support for what I want to build or what you want to build and what people will have as the only viable option down the road is an iPhone. I'm not optimistic about the future of this project or others like it.
1
And it's really frustrating for me when I see you dismissing the value that we provide today while you don't really seem to have an alternative path that actually provides people with substantial value today. My long term vision isn't really GrapheneOS. It's something else.
1
2
I do not really believe that I'm in a good position to accomplish my long term goals especially with the weight of maintaining GrapheneOS as it exists today on my shoulders. I was once optimistic, but that was before being taken advantage of and screwed over repeatedly including
1
1
by one of the companies you seem to have been duped by in regards to their product. Based on my experience / knowledge, including personal/insider experience with that company and the experience of others, they are not how they portray themselves to be and neither is the product.
I don't really care about the marketing as much as I do tangible defects in the current hardware offerings you may be aware of. If you get time to share those I would love to hear them.
1
1
As far as ethics.... Every hardware bender is unethical at some level. I have to pick the hardware with the most flexibility and that seems like the Librem5 until I learn otherwise from you.
1
1
Show replies