I understand that probably there is little interest if you are a device ROM maintainer to embed a backdoor into it. But it’s still possible. Lineage has a fairly simple and open build process. Should I do it on my own? Or should I trust the maintainers and not bother? What are your thoughts?

  • @[email protected]
    link
    fedilink
    English
    1
    edit-2
    1 year ago

    I think they require that builds happen on their build servers using public source to make sneaking in something unsavory harder. A maintainer can’t just say here ship this binary.

    Here you can see that they use an automated build system and a means to track what is getting built.

    What is your threat model? I would be more worried about those proprietary firmware blobs that you have to use with your hardware irrespective of what ROM you choose. If you’re worried about a maintainer sneaking in a back door, I would think that unlikely because it would leave a paper trail.

    • FarLine99OP
      link
      fedilink
      English
      11 year ago

      Yes, I have already been explained here how the build process takes place. Now I understand that it is transparent and open. I didn’t know this before and thought maintainer was just putting builds in the repository 🤷 I’m stupid, I know 😁