Why is GrapheneOS against GNU?
Why is GrapheneOS against GNU?
@lunar_dust_463@mstdn.social They want you to use an OS which doesn't provide firmware updates and therefore doesn't protect you from serious known vulnerabilities. The firmware is still present when using an OS not updating it. Pretending as if the hardware and firmware isn't closed source by not...
They say that GNU is spreading misinformation and "stop getting info from charlatans"?
You're viewing a single thread.
Pointless over-reaction from GrapheneOS. GNU is harshly honest about the open-source stuff - blobs are obviously, proprietary, and so are Google-based softwares and services.
I'm afraid to ask this because I'm not a dev, but I have a fair amount of linux experience. Why is it that the ability to install Google Play Services on GrapheneOS makes it not FOSS/open source, while the ability to install Google Chrome (or any proprietary software, I guess) on Linux doesn't make is non-FOSS/open source?
I'm not articulating that question very well, and I'm assuming I'm missing some key component, but they seem comparable to me, as a regular user. Is it something like the level of access that GPServices has to the kernel?
On Linux most distros do not actually ship chrome but chromium which is the open source version of chrome.
It also comes down to how different groups define FOSS. GNU considers even helper programs (like a package manager or firmware installer) to be "bad" for the user because they "encourage" its use so they dont want them included in GNU approved distros like trisqul or guix . this leads to those "freedom respecting" distros not having things like basic WiFi drivers or support for any 3rd party drivers.
To a less extreme degree but similar is a distro like debian, where there is a "non_free" repository available but users can choose not to enable it.
And so GNU sees having the playstore as a bad thing because its gateway to installing other non free software. Its also safe to assume most gnu evangelists probably don't care much for chromium either.
Thank you for asking a question that you were afraid to.
You could just have easily moved on, but instead you give others the opportunity to share their knowledge and subsequently you give other people opportunities to learn.
Maybe one day we can have an internet not so full of snarky replies, and instead one where everyone is given opportunities to learn, and ask, without fear of being belittled.
In order to give those with knowledge the opportunities to share, we need to ask questions that are indicative of our current understanding (or lack thereof).
It may sound silly, but asking questions really is a vulnerable act. Genuine questions are often met with unjustified and unhelpful hostility on the internet.
tl;dr: Thanks for asking! Now I'm wondering the same thing.
edit: a word
I don't have a precise answer as I'm not from that team, but as a developer I think I have a decent idea as to why, and it's mostly political.
First, I don't think it's necessarily the ability to install Play Services that makes them think it's not FOSS, but that they distribute non-free firmware blobs which are necessary to make practically any modern phone function properly, that's just the unfortunate reality because "we live in a society" that enables it. By that logic, I think they believe the vast majority of running Linux kernels on the planet are not FOSS. GNU would rather have things that are not practical and don't exist today... their stance is not currently realistic in our capitalist society IMO. They hope for things to change, but hope doesn't make change.
I also think some people look down on the Play Services thing merely because they went out of their way to explicitly support it in the OS, and basically nothing else. They disagree ideologically with F-Droid and they don't offer any other app stores by default to my knowledge.
it's mostly political
Oh I gotcha. Interesting. I don't follow FSF or GNU or anything, do you know if they tend to be antagonistic toward nonfree devs who still try to be as free as possible? Honestly, I read the Stallman quote about FreeBSD in this thread, and a statement from GNU that acknowledges the impracticality of their philosophy, and I kinda agree with their ethical takes. Except, I also think people should be able to install nonfree software, because otherwise you have a pretty bad dilemma with the word "free."
Ultimately, if they are actively antagonistic toward those who don't share that philosophy, I think that's not great. Sure, free software according to the GNU project may be the only ethical one, but we live in a culture that promotes the exact opposite idea, so why would I be surprised and upset when an otherwise ethically acting person doesn't conform to my own ethical framework, and they go on and create nofree software. I'm still going to get a beer with that person because at the end of the day we probably have common values and how else am I going to sell them the idea free software
Both GNU and GrapheneOS have staunch requirements and will accept no compromises.
This is a situation where their requirements don't align, so they'll never reach an agreement.
GrapheneOS, for example, is also strictly against making the Fairphone line of phones a little more secure because it doesn't meet all of their security requirements
In this case GNU won't certify GrapheneOS as fully open because it includes binaries that aren't open
The FSF is more along your line of improving the situation where they can
Graphene is totally open source, nothing is stopping fairphone from maintaining a port for their phones
GOS did reach out to them in the past, but they couldn't reach a mutual understanding for support regarding hardware level patches for the fairphone 3 I believe. There's a git issue about it
I see no reason the fairphone 5 couldn't have GOS support, sure it's missing some of the security requirements, but fair phone could build the branch and make it public
Unfortunately, the FSF isn't against firmware blobs, only against those updatable by a user.
From their Respects Your Freedom requirements page.
However, there is one exception for secondary embedded processors. The exception applies to software delivered inside auxiliary and low-level processors and FPGAs, within which software installation is not intended after the user obtains the product. This can include, for instance, microcode inside a processor, firmware built into an I/O device, or the gate pattern of an FPGA. The software in such secondary processors does not count as product software.
This means that proprietary firmware flashed at the factory and impossible to replace gets a pass, while hardware with firmware updates through blobs is rejected. Important security fixes (CPU microcode) or stability improvements will be missing if you can't update the firmware.
And thats why they advocate open hardware
Sure and that's the ideal, but as it currently stands the FSF would rank hardware like this:
- Fully open source
- Proprietary flashed in factory and impossible to replace
- Proprietary and can be updated/replaced
This makes no sense for security, stability or ideological reasons.