Some devices don't have browsers, some are locked-down and only support one app store, or sideloading via adb, sometimes the UX is better (SideQuest for the Meta Quest).
> What do I need to do to make a difference, and how much time will this take?
EU or US?
> what's the path? Legislation?
Send them a letter explaining why this is bad for you. Keep it strictly factual and ideally concise. Copy Google’s legal [1] and any relevant digital or markets regulators. (If in the US, don’t forget your state regulators.)
Wait two weeks and then call the elected. Make sure they’re aware, and talk through your options. Send a letter thanking them for the call, incorporating any new information and actions they said they would take, and copy all of the previous parties again.
More work: reach out to other top developers and organise an open letter. This will be hard because everyone wants to include their pet issue and everyone will fight over scope and language.
what about EU?
ChatControl has a website, but I am having trouble finding out who the hell to contact for the requirement for google play integrity in our goverment apps (which was recently changed from requiring hardware integrity, as graphene can only do the latter.), both national and comunitary, and whoever is in charge of the repositories is not responding to the tens of issues opened for it.
Now there's also this new requirement, and it's shocking the EU hasn't responded yet. Weren't we supposed to make ourselves more independent from US technology? But i wouldn't be surprised someone would be lobbying on google's behalf to convince the politicians that "trust me bro, google play is more secure"
Thanks for the link. I have neither the time nor inclination to be a figurehead, but I can have conversations once I feel there's a reasonable/achievable outcome. I'll put some thought into it.
You can't do anything with respect to legislators. In their eyes, your privacy and the consumer's rights are less important than some grandma, who lost a large sum of money by installing malware after ignoring multiple warnings.
If you want to make a difference, try to communicate with someone from OEM companies. Google is making their phones inferior and they'll loose money and market share because of it.
After this change, "I can install NewPipe and Ad blockers" will become a major selling point for Chinese phones among large and profitable segments of the population. And that high-end manufacturers might as well give up and let Apple take that part of the market. If OEMs can be made to understand that, that's going to be the end of this initiative.
> can't do anything with respect to legislators. In their eyes, your privacy and the consumer's rights are less important than some grandma
You’re correct, but for the wrong reasons. Privacy framings don’t work because people who care about privacy are unusually politically nihilistic and/or lazy. I’ve worked on privacy legislation. I’ve also worked on other laws. Nobody calls or writes about the former. With the latter, it was almost trivial to demonstrate to the elected that there was real political capital in embracing the issue.
Well, depending on the sort of other laws you've supported, that shouldn't be very surprising.
The special interest of a particular group always result in far more intense support than any law that benefits the public at large. And privacy is usually a general concern.
Also, am I the only one who finds the idea that you need to demonstrate the existence of political capital to elected politicians concerning? (As opposed to persuading them that it's the right thing to do.) I don't want to sidetrack the whole discussion, but this makes me doubt the future of western democracy in a hundred different ways.
JumpCrisscross's reply was really good, and I would like to add additionally that US congress representatives and senators usually maintain local offices in cities in their constituency, and a visit to these offices (usually you can make an appointment by calling them) to discuss issues in person is a very powerful way to be heard. If you aren't in the US, you'll need to find out if your government has anything similar.
> But on topic: why not create docker.io/bsi and let /bitnami as is without new updates?
If people are relying on you for automatic security updates, and you've decided to no longer provide these updates [for free], users should opt in to accept the risk.
This would normally require user action (after a period of warnings/information), and having the fix look 'obviously' unsafe (`/bitnami ` ->`/bitnamilegacy`) feels reasonable.
As a maintainer, if you're dealing with a contributor who's sending in AI slop, you have no opportunity to prompt the LLM.
The PR effectively ends up being an extremely high-latency conversation with an LLM, via another human who doesn't have the full context/understanding of the problem.
Indeed that works for that case. But you can prompt yourselves, it will not always generate natural that are easy to validate with such shortcuts. So I don't think it invalidates the point I'm making.
reply