Thread

Zero-JS Hypermedia Browser

Relays: 5
Replies: 2
Generated: 19:25:58
avatar
Final final@stacker.news npub1hxx7...g75y
Our security preview releases provide early access to Android Security Bulletin patches prior to the official disclosure. Our current security preview releases provide the current revision of the November 2025 and December 2025 patches for the Android Open Source Project. We recommend enabling this. The only difference between our regular releases and security preview releases are the future Android Security Bulletin patches being applied with any conflicts resolved. The downside of security preview releases is we cannot provide the sources for the patches until the official disclosure date. The delay for being able to publish the sources is why we're now going through the significant effort of building 2 variants of each release. Our most recent 3 releases have both a regular and security preview variant: 2025092500 and 2025092501 2025092700 and 2025092701 2025100300 and 2025100301 You can enable security preview releases via Settings > System > System update > Receive security preview releases. Our plan is to keep it off-by-default with a new page added to the Setup Wizard which will have it toggled on as a recommendation. We'll prompt users on existing installs to choose. We're maintaining the upcoming Android security patches in a private repository where we've resolved the conflicts. Each of our security preview releases is tagged in this private repository. Our plan is to publish what we used once the embargo ends, so it will still be open source, but delayed. The new security update Android is using provides around 3 months of early access to OEMs with permission to make binary-only releases from the beginning. As far as we know, #GrapheneOS is the first to take advantage of this and ship the patches early. Even the stock Pixel OS isn't doing this yet. During the initial month, many patches are added or changed. By around the end of the month, the patches are finalized with nothing else being added or changed. Our 2025092500 release was made on the day the December 2025 patches were finalized, but we plan to ship the March 2026 patches earlier. Previously, Android had monthly security patches with a 1 month embargo not permitting early releases. For GrapheneOS users enabling security preview releases, you'll get patches significantly earlier than before. We'd greatly prefer 3 day embargoes over 3 month embargoes but it's not our decision. Security preview releases currently increment the build date and build number of the regular release by 1. You can upgrade from 2025100300 to 2025100301 but not vice versa. For now, you can switch back to regular releases without reinstalling such as 2025092701 to 2025100300, but this may change.
2025-10-04 16:45:46 from 1 relay(s) 1 replies ↓
Login to reply

Replies (2)

avatar
Boredsquirrel npub1sk4e...tyqh
It is a really unfortunate position that Google put open source Android builds in. But your approach is sensible. Technically the updates are proprietary until released, which many people will not like. So keeping it opt-in makes sense. image
2025-10-05 10:01:22 from 1 relay(s) ↑ Parent 1 replies ↓ Reply
avatar
Final final@stacker.news npub1hxx7...g75y
(made a deletion request on last note for a bad typo) Patches always had a timed embargo for years, patches still come in a quarterly not monthly schedule. However, this embargo was stretched likely to get OEMs in on releasing patches on time (spoilers: they don't). We got partner access from a major Android OEM who can provide these patches before their release, since we can just distribute this ourselves, it can be useful to people who want the patches. They're proprietary to the user but not us, we have access to sources and fix conflicts before distributing. We openly encourage people to compare the update packages and reverse engineer it to figure out changes and make their own open source patches. People should encourage them to stop the embargo and patch faster.
2025-10-06 18:58:58 from 1 relay(s) ↑ Parent Reply