The background story of the project is quite sad, so it sort of makes sense that he is very defensive of it. (The project got some monetary support initially from a company, which later tried to hijack the whole open-source project (going by copperhead os nowadays, I believe). Fortunately thanks to Micay the original was unharmed (he revoked private keys, big kudos!), but they do throw shade at GrapheneOS promoting their shady fork in many relevant threads)
Nonetheless, he is an excellent security researcher who has an excellent track record of prioritizing the security of his userbase, even if he may (more or less validly) be a bit overly defensive over it.
In my understanding, it's CalyxOS throwing shade, not Copperhead, although the whole situation is murky. In my estimation, there do seem to be comments devoid of substance disparaging GOS every time it is promoted somewher like HN.
GrapheneOS was started in 2014 and was previously known as CopperheadOS. I co-founded the Copperhead company in 2015 and I still own half of the shares today, which gives me 50% control over the company. GrapheneOS (formerly CopperheadOS) remained an open source project under my control and ownership, not the company we founded to sell services and devices based on the project. Unfortunately, my former business partner decided to unilaterally take over the company and manage it in his interests. He tried and failed to take over the open source project. Edward Snowden was one of the CopperheadOS users who helped me defend the project against the takeover attempt and helped to fund the continuation of the project under the Android Hardening and then GrapheneOS brand names. He helped me get a lawyer via the EFF and is the reason I continued the project instead of giving up and moving on. You're spreading talking points from a scammer who chose a Raytheon contract requiring access to the signing keys for GrapheneOS (CopperheadOS) over fulfilling the company's commitments to the open source project it was supporting, and to me as a co-owner of the company with equal voting rights. Again, I still have those shares. I'm speaking as 50% owner of Copperhead and one of the 2 co-founders of the company, which was founded in late 2015, a year after the open source project was started. Note: there was a 3rd co-founder who my former business partner pushed out of the company early on and didn't give shares they were probably entitled to getting, and that person (Daniel McGrady) supports me.
Today, CopperheadOS is used as a brand by that company for a completely closed source fork of legacy GrapheneOS code. They don't develop anything of value and simply take our code months or years later. Anyone who looks into it can see that the Git repositories from 2014/2015 belong to the GrapheneOS organization and are the repositories we're using today. We still have the legacy issue tracker for mid-2018 and earlier too:
Ask Edward Snowden if he thinks I did the right thing by protecting him and other GrapheneOS (CopperheadOS) users from James Donaldson. The vast majority of users / customers supported me and continued supporting GrapheneOS afterwards. Only a tiny number of people supported Copperhead and most of the people they duped were people who discovered it post-2018 based on them pretending to have made my project and pretending to own the legacy code, which they don't, and they've already lost that battle. Why did the legal battle not go their way if they were in the right? ...
Interesting.. Why would Raytheon need signing keys? I have not heard or seen any OSS project in use by them ever complain about this.
Edward Snowden is a bad example. He is a SharePoint admin and traitor to the West. It makes sense that he would betray his country, hide under Putin and undermine Western companies.
You've repeatedly engaged in harassing me and spreading fabricated stories about me. Your community comes to most of these threads and does this. It's getting old.
Could you elaborate on what you consider personal attack? The bar is extremely low these days, and I have an experience of the opposite: One day I was inspecting the traffic from my GOS device with tcpdump, and I noticed lookups and traffic to the connectivity test servers going outside my VPN. I raised this in the IRC channel, and criticised the lack of option to turn them off or route them via the VPN on the basis that it leaked metadata. The main developer disagreed that it constituted a security issue. After considerable back and forth, I took it upon myself to implement the feature. Before I got round to it, I found it in the next update of GOS. GOS is the single most reliable android distro I have ever used by a considerable margin.
