Hi,
Some of these statements sound very worrisome to me:
- “security decreased by Lineage” claim: this is a point of vue[sic] that one can share or not: this does not make sense. Something is either secure or it is not; it’s not a belief. What can vary, however, is the security model one is interested in and on which the outcome (secure or not secure) will be based.
- “We primarily focused on privacy aspects, but we are definitely interested in increasing the security level too.”: Security is a prerequisite to privacy. (Privacy is defined by your security model. Breaking the security of a DNS implementation will break a certain definition of privacy.)
- “OTA updates are actually stored on github and accessed through https, so we can I think consider that it has reasonable security level.”: What is https actually supposed to bring in terms of security?
- Who are “we”? I did not find much information behind the iodé os entity. It’s a very nice security feature to have the builds signed by a trusted entity. Can we (the users going to flash iodé os) trust this entity?
Best, and looking forward to your great contributions to more security (and then privacy!)