add todo to tasks page about RPi distros, and warn about security issues

This commit is contained in:
Leah Rowe 2021-05-21 15:50:20 +01:00
parent 10daafb405
commit d7e5e7640d
1 changed files with 30 additions and 0 deletions

View File

@ -206,6 +206,36 @@ Under the Interface section, you can enable SPI.
The device for communicating via SPI as at `/dev/spidev0.0` The device for communicating via SPI as at `/dev/spidev0.0`
Caution about RPi
-----------------
On 20 May 2021, someone on IRC brought to my attention the following video:
<https://odysee.com/@Lunduke:e/RaspberryPiMicrosoftRepo:8>
Basically, the Raspbian project, now called Raspberry Pi OS, put in their repo
an update that added a new "trusted" repository, which just so happened to be
a Microsoft software repository. They seem to have done this for VS Code, but
the problem here is that it gave Microsoft free reign to define whatever
dependencies they liked (as per apt-get rules), and every time you updated,
you would be pinging Microsoft servers. Do you think that is strange?
Microsoft shouldn't have *any* access to your GNU+Linux system! This was the
commit that Raspbian added to their distro, which added this what should rightly
be called a security vulnerability, intentaionally:
* <https://github.com/RPi-Distro/raspberrypi-sys-mods/commit/655cad5aee6457b94fc2336b1ff3c1104ccb4351>
They then removed it, after a public backlash, via the following commits:
* <https://github.com/RPi-Distro/raspberrypi-sys-mods/commit/ed96790e6de281bc393b575c38aa8071ce39b555>
* <https://github.com/RPi-Distro/raspberrypi-sys-mods/commit/4d1afece91008f3787495b520ac03b53fef754c6>
For now, Raspbian / Raspberry Pi OS (which is based on Debian) should be safe,
but this whole episode proves that the distro can no longer be trusted to
respect its users. Therefore, it's now on the [tasks page](../../tasks/)
a TODO entry for recommending and documenting alternative GNU+Linux distros
on the Raspberry Pi, for the purposes of SPI flashing.
Install flashrom Install flashrom
---------------- ----------------