<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body><div>Do they have a track-record of spinning-out the android security updates quickly? I am using the stock android OS on my Nexus 5x mostly because I know that they get the security updates out on a regular basis (and even they don't have the patched kernel for the recent Dirty Cow vulnerability, which should come in the coming month's update).<br></div>
<div><br></div>
<div>I'm also unclear as to whether Copperhead comes with the f-droid or google app stores pre-installed, or whether you'd have to install those via allowing external sources. I never felt good enabling that option.<br></div>
<div><br></div>
<div>All in all, this sounds like a pretty good alternate rom as compared to the others. Have you installed it, or are you just considering it?</div>
<div><br></div>
<div>Jim</div>
<div><br></div>
<div><br></div>
<div>On Sun, Nov 6, 2016, at 03:32 PM, Dan Krol wrote:<br></div>
<blockquote type="cite"><div dir="ltr"><div><p>Hello all,<br></p><p>I'm not sure how many of you use Cyanogenmod these days or how you feel about it.
Personally I'm disappointed that it's been 6 or 12 months (and however
many CVEs) since the latest Release build on my HTC One M8, and I don't
care to deal with the hassles that comes with running Nightlies.<br></p><p>I randomly heard about Copperhead OS on Hacker News:<br></p><p><a href="https://copperhead.co/android/">https://copperhead.co/android/</a><br></p><p>Sounds better to me; they put the important stuff upfront. FOSS,
security, fast updates. Cyanogenmod has all that in theory but in
reality I'm not even sure how prompt they are since the ecosystem is
opaque. (As Jim knows, I found that Cyanogenmod's "https
download links" for ROMs actually redirect to http mirrors. I even
reported that as a
vulnerability to Firefox and Chromium but they considered it the fault
of the site. Perhaps I should have hassled Cyanogenmod directly.)
Copperhead OS actually gpg signs their ROMs; imagine that.<br></p><p>Copperhead OS seems much more limited in scope, but the Pixel is on
their list of planned devices to support. So, I don't need to run older hardware like Cyanogenmod.<br></p><p>The bad side: it sounds like they will support things as long as
AOSP, and Google only guarantees support for a device for 2 years
(according to a random HN comment; perhaps they may do longer than they
guarantee) Is there no way to keep my phone safe? Literally every
Android device more than a couple years old should be recycled? I wish
it were like normal computers. I did hear something about Resurrection
Remix doing security updates for older devices, but their downloads page
links to a forum post, which has links to some third party file hosting
thing. Nothing about ROM verification. Feels a bit shady to me, though
maybe I shouldn't judge it that way.<br></p><div><span>Thoughts?<br></span></div>
</div>
<div><span>-Dan</span><span></span><br></div>
</div>
<div><u>_______________________________________________</u><br></div>
<div>discuss mailing list<br></div>
<div><a href="mailto:discuss@lists.chicagolug.org">discuss@lists.chicagolug.org</a><br></div>
<div><a href="https://lists.chicagolug.org/mailman/listinfo/discuss">https://lists.chicagolug.org/mailman/listinfo/discuss</a><br></div>
</blockquote><div><br></div>
</body>
</html>