I understand that probably there is little interest if you are a device ROM maintainer to embed a backdoor into it. But it’s still possible. Lineage has a fairly simple and open build process. Should I do it on my own? Or should I trust the maintainers and not bother? What are your thoughts?

  • henfredemars@lemdro.id
    1 year ago

    I think they require that builds happen on their build servers using public source to make sneaking in something unsavory harder. A maintainer can’t just say, “here, ship this binary.”

    Here you can see that they use an automated build system and a means to track what is getting built.

    What is your threat model? I would be more worried about those proprietary firmware blobs that you have to use with your hardware irrespective of what ROM you choose. If you’re worried about a maintainer sneaking in a back door, I would think that unlikely because it would leave a paper trail.

    • FarLine99@lemm.eeOP
      1 year ago

      Yes, it has already been explained to me here how the build process takes place. Now I understand that it is transparent and open. I didn’t know this before and thought the maintainer was just putting builds in the repository 🤷 I’m stupid, I know 😁