Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
hsbauauvhabzb 2 days ago

I got curious and found this: https://discuss.grapheneos.org/d/7208-8y-security-updates-on...

At the risk of doing their work for them, that seems like a near ideal partnership opportunity for graphene, so it’s extra sad to see.

mbananasynergy 2 days ago | parent | next [-]

It's important to note that these "8 years" aren't actually that in practice due to the delays. The latest generations of Pixels (starting with the 8th) have 7 years of actual security updates, which is one year less, but is proper support. Hopefully the industry trends towards that as a whole - buying devices that only get 2-3 years of updates should be a thing of the past.

rjzzleep 2 days ago | parent [-]

Isn't that related to how expensive it is to get licenses from MTK and Qualcomm for updates? Given that Pixels run on their "own" chip, driver support is probably much easier.

strcat 2 days ago | parent | prev [-]

Fairphone devices have 1-2 month delays for partial security patches. They have a year or more of delays for new major releases. Their recent Fairphone 5 uses the Linux 5.4 LTS branch going end-of-life in December 2025 with no plan to port to a new LTS branch. Their past devices use end-of-life Linux kernel branches. They do not provide the expected security patches even shortly after release. They aren't doing the bare minimum and aren't even compliant with recent EU regulations for device updates.

Google provided resources for the Linux kernel to extent LTS support for 6 years for their 5 year guarantee with the Pixel 6. It ended up not being needed since Pixels began moving to newer Linux LTS branches. The official Linux kernel LTS support is back down to 2 years. The 6 years was meant to benefit all Android devices but it proved to be too difficult to do well and it makes more sense to invest a far smaller amount of resources moving to new LTS branches.

Fairphone presents providing an Android OS release 3 years after it was released as providing 3 more years of extra support compared to an OEM releasing it in the month it was launched as their final update. That doesn't make sense.

They've repeatedly had blatant security flaws such as using publicly available private keys for signing the OS on the Fairphone 4. These issues are downplayed rather than being acknowledged.

There are important security features missing, but the main issues are the lack of proper updates and their approach to security flaws being reported and discussed.

Many Android OEMs are a better fit for a partnership with us and we're working with one.

https://discuss.grapheneos.org/d/24134-devices-lacking-stand... is a better thread about this than the one you linked.

hsbauauvhabzb a day ago | parent [-]

That looks like a real shame and granted not the fault of graphene.