
“Both Nextcloud and GrapheneOS are FOSS which addresses your concern about it being a government trap.”

I was merely referring to the fact that unless you build the code yourself, you have no certainty that a government has not shipped a custom hacked build to your device and stolen a FOSS signing key. Unlikely? Yes. Possible? Yes. Also, backdoors, as seen in the 2003 Linux incident, can be as hidden as a deliberately missing equals sign in 1 line of code - so, a sneaky government commit with the smallest backdoor could be undetected even if FOSS. I still think it’s better than proprietary - don’t get me wrong - but it’s not invincible, which was my main point about how security does not end.



Right, but nobody can write all the code they need for every service. I agree nothing is invincible. We put varying degrees of trust in people and processes of communities who maintain the SW. FOSS requires much less trust than proprietary SW developed by megatech.



