Using GPLv2-only licensing to prevent a GPLv3 project from taking our code while disallowing us from using their code (since we can't use GPLv3) is hardly anti-FOSS. GrapheneOS can't use GPLv3 for Vanadium because it's incompatible with the WebView being loaded into other applications and GPLv3 has restrictions which would result in GrapheneOS being less free, by disallowing valid usage of GrapheneOS to make devices with an immutable root of trust. We want GrapheneOS to be friendly to people making downstream projects/products based on it and therefore stick to permissive licenses and GPLv2.
GPLv2 is an open source license. We continued allowing them to take our code and continued contributing to their project ourselves despite the general inability to use Bromite's code. We already didn't find the situation to be fair. There are also issues with proper attribution not being given for our code and the downplaying of the impact of our contributions. For example, a contributor to Vanadium wrote a new ad-blocking implementation which was adopted by Bromite before it was ready for Vanadium, which led to a negative impact on development of the feature for Vanadium. Almost no credit is given for the stuff submitted by GrapheneOS project members / contributors to Bromite. It's actively downplayed.
Bromite began working with people involved in a severe misinformation and harassment campaign directed at GrapheneOS developers. Combined with the inability to use their code due to GPLv3, we chose to change our licensing. This was done in advance of substantial work that's going to be done on Vanadium. Having our code taking by a project not giving us proper credit and not allowing us to use their work in return was having an actively negative effect on Vanadium development.
Personally, I think engaging in spreading misinformation about open source projects across platforms including via sockpuppet accounts like this one along with harassment and libel targeting our project members is extremely anti-open-source. GrapheneOS does not spread misinformation about other projects this way, and we don't tolerate our community members doing it either, and similarly don't tolerate them engaging in harassment or libel.
Separately from this, it's a misconception that CalyxOS and GrapheneOS are similar projects or that they're working on similar things. They are not. GrapheneOS is a hardened OS with substantial privacy and security improvements:
Can run the vast majority of Play Store apps on GrapheneOS, but not CalyxOS with the problematic microG approach.
https://blog.privacyguides.org/2022/04/21/grapheneos-or-caly... is a 3rd party article explaining some of the substantial differences between GrapheneOS and CalyxOS. It's a common misconception that they're similar. CalyxOS is far more similar to LineageOS than GrapheneOS. There are many other alternate OSes available.
https://privsec.dev/posts/android/choosing-your-android-base... is another article about privacy and security differences between alternative Android-based operating systems. Talks about other alternate operating systems including DivestOS. Unlike most content, these are based on real experience and technical details.
I said that the goal of the projects is the same. It seems they're not equally effective in their efforts of reaching that goal, but that's besides the point.
The goals of the projects are not the same. CalyxOS is not a hardened OS and it doesn't aim to be a hardened OS. They don't work on the kinds of privacy and security features we do. For the most part, they work on much different things with very little overlap. Their approach is incompatible with ours.
As an example, since they took over the Seedvault project and are running it in a similar way as their OS, it has blatant security issues. It uses privileged permissions it shouldn't and violates multiple aspects of the security model including bypassing app install rules. Encryption is not as opaque as it should be either. We aren't going to be able to use it anymore. We have to start over with a new backup service. Seedvault was originally written by a GrapheneOS community member for inclusion in GrapheneOS, based on the design that we laid out for it but it has deviated so far from that now and their goals / approach is incredibly incompatible with ours. Not even something like this can be shared. We had to drop F-Droid in 2018 because it has such huge security, usability, robustness and functionality issues. It still targeting Android 7 is the tip of the iceberg. It hasn't kept up with the platform at all and doesn't respect / follow the security model.
Thanks for the response and the explanation. I was unaware of the licensing issues preventing GrapheneOS from taking code from Bromite despite Bromite taking from GrapheneOS, and of the lack of proper attribution for contributions from GrapheneOS.
> Bromite began working with people involved in a severe misinformation and harassment campaign directed at GrapheneOS developers
IMO "reviewing a pull request" is a far cry from "working with". You really expected Bromite to immediately close the PR, even if it contained valuable contributions, just because GrapheneOS claims (without evidence) that this person is associated with a group of harassers?
> Personally, I think engaging in spreading misinformation about open source projects across platforms including via sockpuppet accounts like this one along with harassment and libel targeting our project members is extremely anti-open-source
Baseless accusation. I'm not affiliated with any of these projects, but I do want the opportunity to contribute to them in the future, which is why I didn't post this using my main account. Also, it's not productive to view any form of criticism as "harassment and libel".
Quoting from your GitHub comment:
> anyone who contributes to Bromite going forward will be banned from the GrapheneOS community
If merely contributing to Bromite can get you banned from the GrapheneOS community, we can reasonably assume that any criticism of such decisions can also get you banned, and I don't want that.
> IMO "reviewing a pull request" is a far cry from "working with". You really expected Bromite to immediately close the PR, even if it contained valuable contributions, just because GrapheneOS claims (without evidence) that this person is associated with a group of harassers?
They are doing much more than that, and we have ample evidence that these folks have engaged in libel and harassment. They also abused GitHub moderation tools to mislead people which is par for the course. It's you making claims without evidence... and it's very typical to be accusing us of what you folks are doing.
Here's one of many examples of one of the people associated with Calyx doing exactly that in response to a purely technical post:
There are many more examples including the leader of the organization doing this same routine of making up stories about me and claiming that I'm insane to direct bullying/harassment towards me. They've engaged in relentless libel and harassment for multiple years.
> Baseless accusation. I'm not affiliated with any of these projects, but I do want the opportunity to contribute to them in the future, which is why I didn't post this using my main account. Also, it's not productive to view any form of criticism as "harassment and libel".
You've done the opposite of contributing to any open source projects. You made at least one sockpuppet account to stir up shit on at least one platform to try to harm GrapheneOS. I wouldn't be surprised if other recent sockpuppet accounts belong to you too. You're demonstrating exactly why those projects and people involved in them are problematic.
> and I don't want that.
If you want to participate in the GrapheneOS project or community in good faith, you'll try to repair the harm you've caused. If you leave things like this, you aren't welcome.
I provided a link to a GitHub issue that you opened. I don't think anything in my OP was objectively untrue.
> You made at least one sockpuppet account to stir up shit on at least one platform to try to harm GrapheneOS.
You can keep calling me a sockpuppet but that doesn't contribute anything to the discussion, and isn't true. Also, my motivation is not to "harm GrapheneOS" but to provide constructive criticism and inform the public of a decision made by the project that I disagree with and believe is harmful to the FOSS community.
> If you want to participate in the GrapheneOS project or community in good faith, you'll try to repair the harm you've caused.
The harm I caused by raising a genuine criticism about the project on HN which gained a total of 7 upvotes?
Also, not sure what "repairing the harm I've caused" entails. Does that mean deleting the post? Because I won't be doing that, and I don't think I'm even able to anyway. Luckily this website isn't owned by you, so you can't just go deleting my posts like you do whenever someone posts any form of criticism on any forums/chatrooms owned by you.
> I provided a link to a GitHub issue that you opened. I don't think anything in my OP was objectively untrue.
You made numerous baseless claims without evidence in your posts.
> You can keep calling me a sockpuppet but that doesn't contribute anything to the discussion, and isn't true. Also, my motivation is not to "harm GrapheneOS" but to provide constructive criticism and inform the public of a decision made by the project that I disagree with and believe is harmful to the FOSS community.
You made a fresh account dedicated to the purpose of spreading spin and misinformation about GrapheneOS. There is another freshly created account in this thread doing the same thing, and that's suspected of being someone who has previously engaged in vicious bullying/harassment including claiming that I'm schizophrenic and bipolar in response to detailed explanations in the thread they linked, which is why their messages there were removed. One of the messages doing that can be temporarily approved to prove it exists, but many people have seen this happening elsewhere already.
> The harm I caused by raising a genuine criticism about the project on HN which gained a total of 7 upvotes?
This is not the only similar post made to attack the project from freshly created throwaway accounts in the past few days. Many of those use a similar approach and writing style. There are a few people hostile towards GrapheneOS who put massive amounts of time into trying to harm it by posting for hours every day across platforms. If you're not one of those people, you should have posted from an established account where it wouldn't come across as yet another fresh account from a small group of people.
> Also, not sure what "repairing the harm I've caused" entails. Does that mean deleting the post? Because I won't be doing that, and I don't think I'm even able to anyway.
A starting point is making a list of the posts you've made with throwaway accounts across platforms recently, showing us which ones were you and correcting the inaccurate claims you're making in them.
> Luckily this website isn't owned by you, so you can't just go deleting my posts like you do whenever someone posts any form of criticism on any forums/chatrooms owned by you.
People can look at our chat rooms and forums to see that this is clearly not true. Our rooms are frequently targeted by people like yourself spreading spin/misinformation and engaging in bullying/harassment. Their posts are usually automatically removed from the main scrollback automatically when they get banned, which is the default in the ban bot for some ban reasons or done manually in other cases. The posts from other people engaging with them no longer make sense without them and are usually removed too. There are archives of the chat without any messages removed. Removal keeps the Matrix chat useful and easy to read. No one wants to scroll through thousands of lines of people interacting with trolls to find 2-3 lines from people asking for help with something. People needing help or discussing things constructively are often drowned out by trolls derailing the chats.
> You made numerous baseless claims without evidence in your posts.
Please list them.
> If you're not one of those people, you should have posted from an established account where it wouldn't come across as yet another fresh account from a small group of people.
As I've stated before the reason I'm posting under a fresh account is to protect my identity so I don't face the wrath of you and your community. You've threatened to unleash this upon people in the past [0], despite constantly claiming that you're the one being harassed and attacked.
> A starting point is making a list of the posts you've made with throwaway accounts across platforms recently, showing us which ones were you and correcting the inaccurate claims you're making in them.
Yet another sockpuppet accusation. I hope anyone reading this is able to filter through strcat's baseless accusations and focus on the actual arguments being presented on both sides. I'm not sure why posting the same arguments under an established account should have any significance on the validity of the arguments.
You have failed to provide any evidence of anti-GrapheneOS sockpuppet accounts so far, but there actually has been clear evidence of a GrapheneOS lead developer encouraging the community to actively create sockpuppet accounts on Twitter, Reddit, and HN in order to promote GrapheneOS [1].
> People can look at our chat rooms and forums to see that this is clearly not true.
I actually encourage people to do this, because it very much is true.
Note that "anupritaisno1" has changed their online identity a few times and is currently going by the name "randomhydrosol". It looks like they aren't listed under the GrapheneOS GitHub organization anymore, but they are e.g. one of the administrators of the privsec.dev website that strcat linked earlier: https://privsec.dev/about
> You've threatened to unleash this upon people in the past [0], despite constantly claiming that you're the one being harassed and attacked.
Dishonest claim.
> You have failed to provide any evidence of anti-GrapheneOS sockpuppet accounts so far, but there actually has been clear evidence of a GrapheneOS lead developer encouraging the community to actively create sockpuppet accounts on Twitter, Reddit, and HN in order to promote GrapheneOS
There's rampant usage of sockpuppet accounts across platforms to harm GrapheneOS with misinformation. Your account here is one of them, and there was another. You've almost certainly made accounts elsewhere since your writing style and dishonest talking points match those from elsewhere. The level of sockpuppet account usage to harm GrapheneOS on Reddit are extreme and have been noticed by the moderators of multiple subreddits including ones with moderators who are not friendly to us but who are still dealing with this to an extent. Pretending this is not going on is silly, and the ridiculous baseless claim that we are doing it is typical behavior. That is what you are doing: making one baseless claim after another and projecting what you're doing as part of your malicious misinformation campaign onto us.
> but there actually has been clear evidence of a GrapheneOS lead developer encouraging the community to actively create sockpuppet accounts on Twitter, Reddit, and HN in order to promote GrapheneOS
This is a complete fabrication, along with your other fabrications. That is what you do.
> Screenshot of the GrapheneOS Matrix room from the article
This is similarly not accurate information, and the source of this is a malicious Copperhead employee who gave it to Techlore as part of his misinformation campaign against GrapheneOS, which was then referred to my Seth, a friend of Techlore also involved in it. As I said, a small group of malicious people has spread lots of misinformation. Sockpuppets repeat their inaccurate claims across platforms in numerous threads on a daily basis. It's a never ending assault on the project with dishonest claims and has caused substantial harm.
GPLv2 is an open source license. We continued allowing them to take our code and continued contributing to their project ourselves despite the general inability to use Bromite's code. We already didn't find the situation to be fair. There are also issues with proper attribution not being given for our code and the downplaying of the impact of our contributions. For example, a contributor to Vanadium wrote a new ad-blocking implementation which was adopted by Bromite before it was ready for Vanadium, which led to a negative impact on development of the feature for Vanadium. Almost no credit is given for the stuff submitted by GrapheneOS project members / contributors to Bromite. It's actively downplayed.
Bromite began working with people involved in a severe misinformation and harassment campaign directed at GrapheneOS developers. Combined with the inability to use their code due to GPLv3, we chose to change our licensing. This was done in advance of substantial work that's going to be done on Vanadium. Having our code taking by a project not giving us proper credit and not allowing us to use their work in return was having an actively negative effect on Vanadium development.
Personally, I think engaging in spreading misinformation about open source projects across platforms including via sockpuppet accounts like this one along with harassment and libel targeting our project members is extremely anti-open-source. GrapheneOS does not spread misinformation about other projects this way, and we don't tolerate our community members doing it either, and similarly don't tolerate them engaging in harassment or libel.