[chiglug] Thoughts on Android variants? (In particular, Copperhead OS?)
Jim Campbell
jcampbell at gnome.org
Sun Nov 6 23:01:51 UTC 2016
Do they have a track-record of spinning-out the android security updates
quickly? I am using the stock android OS on my Nexus 5x mostly because I
know that they get the security updates out on a regular basis (and even
they don't have the patched kernel for the recent Dirty Cow
vulnerability, which should come in the coming month's update).
I'm also unclear as to whether Copperhead comes with the f-droid or
google app stores pre-installed, or whether you'd have to install those
via allowing external sources. I never felt good enabling that option.
All in all, this sounds like a pretty good alternate rom as compared to
the others. Have you installed it, or are you just considering it?
Jim
On Sun, Nov 6, 2016, at 03:32 PM, Dan Krol wrote:
> Hello all,
> I'm not sure how many of you use Cyanogenmod these days or how you
> feel about it. Personally I'm disappointed that it's been 6 or 12
> months (and however many CVEs) since the latest Release build on my
> HTC One M8, and I don't care to deal with the hassles that comes with
> running Nightlies.
> I randomly heard about Copperhead OS on Hacker News:
> https://copperhead.co/android/
> Sounds better to me; they put the important stuff upfront. FOSS,
> security, fast updates. Cyanogenmod has all that in theory but in
> reality I'm not even sure how prompt they are since the ecosystem is
> opaque. (As Jim knows, I found that Cyanogenmod's "https download
> links" for ROMs actually redirect to http mirrors. I even reported
> that as a vulnerability to Firefox and Chromium but they considered it
> the fault of the site. Perhaps I should have hassled Cyanogenmod
> directly.) Copperhead OS actually gpg signs their ROMs; imagine that.
> Copperhead OS seems much more limited in scope, but the Pixel is on
> their list of planned devices to support. So, I don't need to run
> older hardware like Cyanogenmod.
> The bad side: it sounds like they will support things as long as AOSP,
> and Google only guarantees support for a device for 2 years (according
> to a random HN comment; perhaps they may do longer than they
> guarantee) Is there no way to keep my phone safe? Literally every
> Android device more than a couple years old should be recycled? I wish
> it were like normal computers. I did hear something about Resurrection
> Remix doing security updates for older devices, but their downloads
> page links to a forum post, which has links to some third party file
> hosting thing. Nothing about ROM verification. Feels a bit shady to
> me, though maybe I shouldn't judge it that way.
> Thoughts?
> -Dan
> _________________________________________________
> discuss mailing list
> discuss at lists.chicagolug.org
> https://lists.chicagolug.org/mailman/listinfo/discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.chicagolug.org/pipermail/discuss/attachments/20161106/d7884a76/attachment-0002.html>
More information about the discuss
mailing list