this post was submitted on 18 Jun 2024
237 points (95.1% liked)
KDE
5317 readers
253 users here now
KDE is an international technology team creating user-friendly free and open source software for desktop and portable computing. KDE’s software runs on GNU/Linux, BSD and other operating systems, including Windows.
Plasma 6 Bugs
If you encounter a bug, proceed to https://bugs.kde.org, check whether it has been reported.
If it hasn't, report it yourself.
PLEASE THINK CAREFULLY BEFORE POSTING HERE.
Developers do not look for reports on social media, so they will not see it and all it does is clutter up the feed.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
@mox @manualoverride while I absolutely agree with your position, also keep in mind that this has security implications.
Beside the fact that most vendors dont even use all the patches available from AOSP, no custom ROM project can backport all patches. Sooner or later this means there are devices that cant be securely used anymore, unless someone does the effort.
a vendor concept with a subscription could solve this I guess or enough support for an open project e.g. @GrapheneOS
@brahms @mox @manualoverride
OEM support for the device is needed because an alternate OS cannot provide firmware updates otherwise. In practice, driver updates also come from the OEM. Providing the Android Open Source Project backports is nowhere close to full security patches. It's unfortunate that most alternate operating systems mislead users about this by setting an inaccurate Android security patch level field, not being honest about what's missing and downplaying the importance of it.
@brahms @mox @manualoverride
Firmware and driver patches are not any less important than generic OS patches. A high portion of critical severity patches are for drivers.
Android Open Source Project has a new release every month. These are monthly, quarterly and yearly releases. Yearly releases move forward around 3 months on the development branch. Since Android 14 QPR2, quarterly releases also do the same and just leave most new feature flags disabled. These are required for full patches.
@brahms @mox @manualoverride
Android Open Source Project provides backports of most but not all High/Critical severity patches to the initial yearly releases of Android 12, 13 and 14 for devices which have not updated to the latest release (currently Android 14 QPR3). The combination of these backports with baseline firmware/driver patches form the Android Security Bulletins referred to by the security patch level. This is not the full set of security patches, just absolute bare minimum.
Firmware and drivers can be made open, just as other software can be made open. It's really just a matter of incentives. In my experience, law tends to be a pretty effective incentive.
If the bill of materials included the legal requirements discussed here, then a component supplier would either start producing open firmware/specs, or they would lose that market to another supplier.
Obviously, Android would not be the only project/product affected by such a legal change.