I am posting this here, as I seemed to have completely missed this till now. Nor has a prompt reached me. The prompt might be a feature that was not implemented in the build I was running. I don’t know if the latest non-preview build has this already enabled.
As the post above says:
'You can enable security preview releases via Settings > System > System update > Receive security preview releases.
Our plan is to keep it off-by-default with a new page added to the Setup Wizard which will have it toggled on as a recommendation. We’ll prompt users on existing installs to choose.’
Is anyone still deciding which way to go? I can’t make up my mind ideally we wouldn’t be in this scenario at all.
On the one hand, knowing I have the latest security patches would be great peace of mind, but on the other I have been striving to use open source whenever possible, and my threat model is skewed heavily towards privacy and divorcing myself from anti-consumer behaviors of corporations. So my stance, to an extent, is an ideological one.
However, I’m leaning towards using the closed source patches because, while certainly possible, it doesn’t seem likely that this period of opacity would be used nefariously.
I’d still go for the security patches because as I understand it they will eventually be made open and your phone already uses proprietary software anyways.
The popup is designed to give you a choice. Graphene team recommend to enable it in their public explanation. If you’re unsure, stick to their default enabled when being asked for it and their recommendation from the post.
Yeah. I’m still debating with myself if I should do or not. I’ll probably not do it. Security has never been my end all be all but I would recommend anyone else to installing it.
When I was reading Daniels comments on this on Twitter, it seemed as though he were suggesting, with a wink and a nudge, that if anyone working at an OEM wanted to share it with him, he’d happily accept it, so hoping he is laying eyes on it well before the disclosure date
Unless you are building GrapheneOS yourself and then using that to update your devices you are already trusting them anyway and they will release the source code for the security preview releases once the embargo ends.
ideally we wouldn’t be in this scenario at all.