> CalyX has is constantly harassing and bullying other privacy-focused projects, causing incredible harm to the privacy and security community. It also has been missing updates for 4 months recently, making it a terrible choice for anyone.
You actively harass and bully by not providing any sources for your claims. That's bad for an open, fact-based discussion and is opposed to how I percept the community. What are your claims based on? Can you provide any sources?
As far as I know, CalyxOS tries to maintain a quite neutral temper:
https://www.reddit.com/r/CalyxOS/comments/pmguwi/grapheneos_...
> Made the permission signature|privileged so only system apps signed with the right key, or privileged system apps with an explicit allowlist for this permission can use it.
> Hardcoded the signature to be spoofed instead of letting the application specify it.
> Only allowed the microG packages, GmsCore and Store to spoof signature. Both of these are included as system apps on CalyxOS so simply checking against the package name is enough.
That doesn't sound like that much of a risk to me. Esentially, it's a tradeoff between privacy and usability that microG tries to solve/soften. For example, it came in handy, when standalone Open-Source implementations of Google's contact tracing approach weren't available yet. microG quickly implemented it so official apps worked.
You actively harass and bully by not providing any sources for your claims. That's bad for an open, fact-based discussion and is opposed to how I percept the community. What are your claims based on? Can you provide any sources? As far as I know, CalyxOS tries to maintain a quite neutral temper: https://www.reddit.com/r/CalyxOS/comments/pmguwi/grapheneos_...
You can read the details of CalyxOS' implementation of microG here: https://calyxos.org/docs/tech/microg-details/
> Made the permission signature|privileged so only system apps signed with the right key, or privileged system apps with an explicit allowlist for this permission can use it.
> Hardcoded the signature to be spoofed instead of letting the application specify it.
> Only allowed the microG packages, GmsCore and Store to spoof signature. Both of these are included as system apps on CalyxOS so simply checking against the package name is enough.
That doesn't sound like that much of a risk to me. Esentially, it's a tradeoff between privacy and usability that microG tries to solve/soften. For example, it came in handy, when standalone Open-Source implementations of Google's contact tracing approach weren't available yet. microG quickly implemented it so official apps worked.