FP Security Updates need to be more frequent

You know yourself that the security update is always a month behind. This is nothing new and is also the case with almost all other manufacturers. Nevertheless, there was an update in February (Big Camera Update). There’s no need to dramatize it now.

3 Likes

I think you missed the point: I’m talking about Security Updates, and I’m still waiting for the February security update.
The fact they updated the camera is nice, I’m very thankful they did, but it’s irrelevant here since it doesn’t replace Security Updates.
:man_shrugging:

2 Likes

And this is connected

1 Like

As a beta tester I’m just gonna say one thing: don’t get your hopes up :stuck_out_tongue_winking_eye:

A bit strange that the February update is this late though.

4 Likes

I am on FP5.TT46.A.144.20240205. The security date is 5th February 2024.

Yes, but FP4 is still unfortunately on January one.

2 Likes

Can you say whether the beta released a week or so had February security patch included?

1 Like

In general: beta info is not for the public.

For this: its the march patch level not feb.

So to repeat myself:

3 Likes

But with this pace of updates, FP users can be super sure they won’t get hit by the recent xz library backdoor :smiley:

7 Likes

That many FP users who run SSH servers on their phones, huh?

Who says that xz is only used in SSH servers? This is how the backdoor is exploited, but it can also happen in other ways

see The XZ Backdoor: Everything You Need to Know | WIRED
or in German: https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-223608-1032.pdf?__blob=publicationFile&v=4

2 Likes

The backdoor uses a hardcoded key and remote code execution to make the authentication happen. SSH seems to be be the target for this backdoor.

2 Likes

All right :D, could have been :slight_smile:

You always get the update from the previous month. If the update had been released in March, you would have received it. If it comes in April, it should contain the security update from March. It’s not new breaking news that this is the case.

This time it is noticeable that no update was released in March that included the February security update.
It’s not the end of the world.

1 Like

And what about the Security updates from February? It’s not like there haven’t been any… :roll_eyes:

I sure hope they will eventually release the February ones, maybe alongside the March ones. It doesn’t bode well if they start just randomly dropping some. Security updates are a must-have, not optional goodies, and one of the main reasons I bought a Fairphone, because of their promise of “long-term support and software updates”.

Because of the update for the month of March, which contains the February security patch, we are here to ask why the update has not been released.
If you have read the last post, one of the beta testers wrote that this time it is taking a little longer than usual.

And the long-term update promise from Fairphone does not mean that you will get an update every month. It can also be every 3 months at some point. By the way, this is also the case with older Lineage OS versions.

So everything is fine :slight_smile:

3 Likes

Everything is fun and games until the work profile stops working due to being too far behind on security updates.

7 Likes

I almost noticed… :roll_eyes:
My point was, and still is, that this is taking too long. That’s all.

Don’t mix apples and oranges: “Update” is too vague a term, covering very different things. There are:

  1. Security Updates, which should come every month, else it’s pointless
  2. Bug Fixes, which should come eventually (if the company is serious)
  3. Feature Updates or Upgrades, which are nice to have, but optional

The “Big Camera Update” we had recently was a “Type 3” update: I was happy to get it, but despite what you seem to think, it doesn’t replace the essential “Type 1” update, much like a free ice cream doesn’t replace medication.

1 Like

@KurtF I am on FP5 and I can only sympathise with those on FP4 still waiting for the update. Yet, I am aware there will be time that both FP5 and FP4 will be getting security updates on a two-monthly basis or three-monthly basis. It is now the case of FP3, is it a dealbreaker for you?

1 Like

I guess several people can agree to disagree, no further repetition will change this or add any new information to the topic. So referring to the forum rules I would kindly ask everyone here to stop trying to convince others.