I’ve never had a problem. However, I only run LTS and always wait for the first point release.
So what? i.e. Your statement proves nothing.
I agree that the Debian Security team does a great job. But note that nobody has patched the LTS release for this pretty high CVE for a highly used package (flatpak) CVE-2024-32462. To be clear: The security team did patch what they are responsible for … but the LTS release (currently Buster) is still unpatched. That’s cause for concern that the volunteers from the non-security team might not be up to the task, right?
@kms said it would give him concerns that the LTS team is volunteers (LTS isn’t all volunteers btw). I made the point that “all volunteer teams” can work fine and that it doesn’t give indication about the quality of the work done.
Your statement proves nothing.
I don’t have to proof anything to you.
I’ve given evidence that the LTS team is not addressing CVE’s as well as the security team. In other words @kms absolutely has cause for concern.
And while I agree it has nothing to do with “volunteer” or “not volunteer”, it’s a concern.
Your statement proves nothing.
I don’t have to proof anything to you.
That’s “prove” not “proof”. And, no, you don’t. I didn’t ask you to prove anything. My statement was simply pointing out that you didn’t prove anything. We wouldn’t want anybody confused on whether you are asserting that the LTS team is as good as the Security Team in providing security patches.
[Edit: I was reading about another vulnerability from January 2024. CVE-2024-1086 . I thought
I would check this one too. Again the Security Team has patched it in their distros. Not true for the LTS Team. CVE-2024-1086 ]
I’m still walking around with Byzantium L5 in my pocket. If I go around with a Crimson install instead, what types of issues would I expect to face? Or where should I read about that?
If I go around with a Crimson install instead, what types of issues would I expect to face? Or where should I read about that?
I recently installed Crimson on my Librem 5 USA, and I have noticed many changes. Here is a list of them, along with photos: WPA3 works. The Settings app is nearly fully adaptive (excluding Displays, File History and Trash, Time Zone, and potentially others). Sometimes the adaptation is not triggered, so a workaround is to drag Quick Settings slightly down to redraw the screen. In Appearance, there is now a Dark style/theme. In Power, there are now Power Modes (Balanced and Power Saver). In A…
“Red” flags? (Duck)
Can one just upgrade to crimson? like a normal debian dist-upgrade changing sources.list?
Can one just upgrade to crimson?
No. It has to be a reflash (if you want to work).
I strongly advise a fresh flash rather than change repo’s and upgrade. When I changed repos and upgraded the phone never behaved quite right again. It also would not create the .scr properly on kernel updates making it impossible to enter the decrypt password and would boot loop.
And while I agree it has nothing to do with “volunteer” or “not volunteer”, it’s a concern.
I disagree, and say that volunteer does matter in this case. Sure you can have a volunteer which is ate up and totally dedicated to giving all of their time to development, but this is extremely rare and not the norm in any way. Rather what happens is strong energy and then life happens, burn out happens, project stall, projects die.
On the other hand, paid development does not follow this trend. When you are paid to develop you have a commitment to complete the tasks. You can’t just walk away without more serious consequences.
The Librem 5 needs paid developers with reliance on them primarily.
When you are paid to develop you have a commitment
Burn out can still happen.
Projects do also stall and die.
However this is all generalisation, that may not be useful as it applies to one specific project.
It may also be overtaken by events, as the wheels, apparently, are starting to turn again on crimson
.
Burn out can still happen.
Projects do also stall and die.
I think you are missing the point. Volunteers are under no contractual obligation to do anything. This is the weakness in this sense.
On the other hand if you are paid to do something, you are under a contractual obligation to complete the thing you were paid for. You getting burned out, or whatever else can still happen, but you are accountable to this obligation. Furthermore there is generally a mechanism is place that will fire you and hire someone else who is not burned out, or otherwise not performing. Sounds cold but is true.
Furthermore, professional products die, because of a lack of funding, not because of a lack of work.
Volunteer products die from all of the above. There is no insolation. We can sit here and kum by ya all day long about the virtues of volunteer efforts, but history tells us repeatedly in the OSS world just how far those good wishes and feelings actually go. It is paid development in the form of Red Hat and Canonical that is moving this effort forward by and large. Paid development across wine / and Proton via Valve, as another point. Paid development sees progress.
That is my point.
And while I agree it has nothing to do with “volunteer” or “not volunteer”, it’s a concern.
I disagree, and say that volunteer does matter in this case. …
I don’t disagree with what you said in general. That said, I think it missed the specific point of the conversation.
My comment was specifically in regard to Debian and their ability to provide support to their distributions. Gunther made the point that the “Debian Security Team” was a volunteer team (which I knew) so one shouldn’t be concerned about “volunteer or not” in regard to the “Debian LTS Team”. [Aside: Gunther also made the point that the “Debian LTS Team” was not a completely volunteer team (which I didn’t know; it has volunteers and there are companies such as Freexian, credativ, and others that provide money for their devs to commit some specified number of hours on LTS support).]
My point was that, regardless of “volunteer” or “not volunteer”, there is cause for concern when Bullseye moves from updates by the “Debian Security Team” to updates by the “Debian LTS Team”. I’ve now shown two important CVE’s that have not been patched by the LTS Team for Buster. At this point I actually trust the “Security Team” (which is “all volunteer”) more than the “LTS Team” (which is not “all volunteer”).
It is just me or does the lack of a crimson release plan and actual work being done towards that plan mean that Purism isn’t actively developing crimson for the L5? Maybe Bookworm in a way is already outdated if crimson is released and does not have all the mobile optimizations that come with a newer version of Gnome that trixie uses. So could it be that a version will just be skipped since it requires less work?
I tried Crimson on my L5 and it seemed better in some ways. Seemed snappier and smoother but also the phone seemed to heat up more. [Unsure if I optimized my Byantium install and forgot, or if the heating up was something PureOS changed.]
But the millipixels “camera” app was missing. That was the only big one that really hit me so far.
It is just me or does the lack of a crimson release plan and actual work being done towards that plan mean that Purism isn’t actively developing crimson for the L5?
Correct, there is no formally announced roadmap.
So could it be that a version will just be skipped since it requires less work?
No, that possibility is highly improbable. In a very optimistic scenario, the release time between Crimson → Dawn could be significantly shorter than in comparison to Byzantium → Crimson.
I took the phone out of box after 3 months. Run all the updates and I see that not much has changed. Menu still disappears on right-click, background picture doesn’t even show up unless I’m opening an app. Windows on many apps get cut off on the edge off the screen. Battery life is still abysmal.
Bluetooth seems to work now. I can send and receive a file. Before it worked only in one direction. However the transfer rate when receiving file is at 2KB/s. I guess it’s something…
A lot of stuff is coming with Crimson, but we’re still on Byzantium. The background image can bet set manually via gtk.css file (see this - it’s done with gtk.css) otherwise also a Crimson-thing. We got a great kernel update that made the phone running stable all the time. Battery life is a loooooooooong therm process. Don’t expect fast changes here.
Menu does not disappear on right click, but on long touch gesture. It’s also a Crimson thing as far as I know.