by gerdesj 982 days ago
"I mean it's only the keys to your whole life, no big."

It's a telephone, with a computer on it in your pocket with a shit load of sensors. The computer part involves components from many parts of the world, with many opaque subsystems. The OS is sort of Linux with knobs on and a lot of opaque parts - the first layer "belongs" to a prolific ad slinger hell bent on knowing everything about you. Then if it isn't a Google jobbie, it will have another layer of software, lots more shiny and a lot more data gathering (eg Xiaomi/Samsung/whatevs). Then your "TSP" gets to put their spin on it. All three layers can sell out to eg MS for yet more data gathering and ads and profiling and so on.

Apple does the same but manages to be layers 1 and 2 and be a bit cooler about the whole thing.

You worry about Graphene?

I don't advocate for full Luddite (I run an IT company) but please get some perspective. If you are concerned about Graphene, I suggest a burner feature phone or smoke signals.

EDIT: I have F-Droid and KDE Connect wired up to both of my Arch (actually) boxes on my Samsung Invasive Intruder ... sorry Galaxy S23. I'll try switching out the Play version of Connect for the F-Droid one and see what happens.

2 comments

The fact that other things like the carrier are bad, does not somehow make any other thing like graphene good. (not that it's bad exactly just that there is a problem, which is not no problem, even if it's a problem you personally have just decided to be ok with)

Someone else said that the head guy isn't the head guy any more so the biggest problem may not be a problem any more. The idea, stated ideal, design, & construction (as far as one can tell honestly) of the os are all fine.

But the point was, you don't need any more reason than his behavior to avoid granting him such a privileged place in your phone, which holds such a privileged place in your life. Just on basic principle. You don't need to justify that to anyone and he or the project does need to justify why one should trust them. The usual justification is merely the utterly flimsy weak one of benefit of the doubt. It's more or less impractical to actually vet strangers, and so you just grant benefit of the doubt until there is some reason to question. But that goes out the window the instant there IS any reason to question.

People have different tolerance for risk, and so, you might be fine with saying "that guy is acting a little weird in this way, but whatever, probably he can still be counted on in this other way.", but no one else is obligated to. And this example of "weird" was not just neutral irrelevant non-conformity.

There have been countless examples of people in positions of responsibility and trust going off the rails and taking a bunch of users down with them. There is no reason not to use your nose for what it's meant for in this way.

But like I said, maybe the problem is resolved now by the fact that we don't actually have to trust that guy any more. In which case, ok.

Last I checked, GrapheneOS is open source.

Don't trust. Verify.

Why? There are other equally open source os's I can just run instead, that don't require me to excuse or verify anything?

Even if there were something special about graphene that made it more desirable, the real way to deal with an open source project with something unacceptable about its production or management, is to fork it. But I already have something else to do all day, and am happy to run lineage or calyx or others. If I did need a fork, I'd need someone else to do it, and I'd have to trust them.

Fork it or help someone else who is forking it or work towards changing the original (which is what seems to have happened actually, so this is all a bit academic now), or just use anything else, are all more reasonable responses than "the people producing this thing with access to all my communications have shown themselves to be off the rails, so what I'll do is keep using it, but personally read all the code in an entire android os."

The point is, you don't have to trust Micay about a darn thing. The code is open. That's the whole point. Dismissing open source software because you don't trust the developer is absurd.

Saying that you don't have to trust anyone because the code is open is absurd.

If Micay says, "The code does X," anyone who can read it can review it and say, "No it doesn't. It does Y." It's right there. You don't have to trust him. He's shown it to you.

I go into F-Droid and search for "connect". The product page says I updated it 15 days ago and offers an Uninstall option. It shows 1.29.0 as the latest version. So far it looks like a second package manager working properly.

I hit Uninstall and within a few seconds the button switches to Install.

I hit install and the app is installed from F-Droid. I open it and pair my phone to my laptop.

One data point. Perhaps a knob has been twiddled in the Chocolate Factory in response to this article. There are a lot of Googlers here.

(EDIT: formatting)

EDIT2:

I've gone into the Play app and got Play Protect to scan apps: "No harmful apps found". KDE Connect is still working.