The author of that blog got mad we didn't want to implement a feature they wished for. Their duplicate issue was closed and later deleted and they made a public drama out of it for... what reason?
Let me tell you something. I personally reached out to them just a few weeks ago. I didn't argue, I didn't blame them. That was not my intention and I communicated that clearly. Those were not empty words, I went into it with a genuine open mind and with the goal of finding a solution. After all they consider themselves an open source enthusiast.
It didn't go anywhere. They did not seem willing to discuss anything at all really. You see, even if we assume they are 100% in the right, i.e. they did nothing wrong, why would they oppose our attempt at resolving the conflict? I've come to the conclusion there is no good faith argument to be made here. They spread their post all over the internet, heck they even linked it on Facebook.
Speaking of trust issues, Rossmann's claim he was going to stop using GrapheneOS proved to be a lie, he was caught using it for months after. He knew it was impossible for us to target him with an individual update, that didn't stop him from including that supposed fear in his sob story though.
He made it sound like Daniel was going crazy on him for no apparent reason over a single comment he posted on the Techlore video when for one, we were wary of him already due to past disagreements and, more importantly, that very video is responsible for the swatting attacks that were aimed at getting Daniel killed by law enforcement. The swatting attacks were carried out by someone who loved the Techlore video a little too much. Do you see where I'm going? Rossmann had voiced his support for the very video that is responsible for the attempted murder on Daniel's life, I reckon you will understand that Daniel was upset over this.
Not much time had passed since these attacks took place so Daniel messaged Rossmann to figure this out and explain to him what this was all about. In private mind you, whereas Rossmann decided this was peak content and live streamed it while the chat was still taking place. Any human being with a basic sense of empathy and decency would have not done this since it was obvious that Daniel was in a bad headspace.
Yet he did so anyway. I guess that's not all too surprising given it was an excellent catch for his following on Kiwi Farms which he caters to.
Hey! On a quick introductory note, I'm the community manager and the person who was interviewed. Please, read questions 17, 25 and 26 and our respective answers to them in the linked forum thread. In particular the following parts that I'm pasting here for convenience:
Question 17: Did your and Donaldson values begin to diverge? Was Donaldson more concerned with making money than you were?
Answer: [...] In 2018, matters between Micay and Donaldson came to a head over Donaldson’s desire to pursue business deals with criminal organizations, and his attempts to compromise the security of CopperheadOS, including by proposing license enforcement and remote updating systems that would allow third-parties to have access to users’ phones. As part of this process, Donaldson began to demand that Micay provide Donaldson with the “signing keys” - i.e. the credentials required to verify the authenticity of releases of CopperheadOS. Donaldson advised that, in order to secure certain new business, potential customers required access to the Keys.
The keys had been in continuous use by Micay, in his personal capacity, since before the incorporation of Copperhead. However, more importantly, any party with the keys could mark malicious software as “authentic”, and thereby infiltrate devices using CopperheadOS.
Micay was unwilling to participate in that kind of security breach. Since Donaldson had control over certain infrastructure for the open source project, he would be able to incorporate (or hire others to incorporate) the privacy-damaging features described above for all future releases of CopperheadOS. Micay therefore deleted the keys permanently and severed ties with Copperhead and Donaldson.
Question 25: Did things between you and Donaldson devolve when he approached you about a compliance audit? Did he tell you that he needed to know how the signing keys were stored?
From Wired:
We understand that Daniel's recollection was not that James wanted to know more information about how the signing keys were stored, but that he wanted direct access to them.
Question 26: Did you suspect his request was tied to a deal he was brokering with a large defense contractor? Did you believe this would put the entirety of CopperheadOS’ user base at risk?
Answer: Yes and yes.
The large defense contractor in question was Raytheon. The decision to destroy the signing keys was not based on a financial disagreement, but an existential one. Every single CopperheadOS user back then would have been compromised otherwise. It's of course a big deal given the implications, but it acted as a last resort for Daniel to stop a hostile takeover attempt fueled by greed, which he ultimately took because there was no other way out.
Let me tell you something. I personally reached out to them just a few weeks ago. I didn't argue, I didn't blame them. That was not my intention and I communicated that clearly. Those were not empty words, I went into it with a genuine open mind and with the goal of finding a solution. After all they consider themselves an open source enthusiast.
It didn't go anywhere. They did not seem willing to discuss anything at all really. You see, even if we assume they are 100% in the right, i.e. they did nothing wrong, why would they oppose our attempt at resolving the conflict? I've come to the conclusion there is no good faith argument to be made here. They spread their post all over the internet, heck they even linked it on Facebook.
reply