Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I hope you consider strict threat modeling when deciding which approach to security is preferred. How about a threat of Google removing your control of the OS [this thread] and [0]? Or Google delaying security patches [1]?

[0] https://news.ycombinator.com/item?id=45017028

[1] https://news.ycombinator.com/item?id=45208925



>Google removing your control of the OS

That is a feature of Play Services and not a part of AOSP which is what we are talking about.

>Or Google delaying security patches

Like it or not coordinated vulnerability disclosure is a thing in the industry and is done by other Linux distros too.


This is not "coordinated vulnerability disclosure". It's waiting for slow vendors at the risk of everybody else.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: