12-10-2020, 07:33 PM
@ryo
Well, I wouldn't say the Android example is relevant here, because a) AOSP is a gigantic codebase and nobody has truly audited it, so it's natural to not trust it, while a simple app like Signal is tiny in comparison; and b) of course if you install proprietary components like gplay then everything is gone, but I don't see how that's relevant.
The possibility of malicious updates is there but just one such incident would ruin the reputation of Signal, so there would need to be some truly exceptional circumstances. It's also always possible to just build from source every time, if desired.
Anyway, the pros and cons of Signal are probably not too relevant to a general discussion about hardening a PinePhone.