> I share the concerns about Android
> Why not try to fork AOSP or GOS
Which concerns do you share? Both AOSP and GOS must follow the Google development strategy, they aren't exactly independent on Google (which is a problem: https://news.ycombinator.com/item?id=45208925). Nevertheless GOS on Librem 5 or Pinephone would be a nice idea, except the GOS developers are against that: https://news.ycombinator.com/item?id=45101400
> Linux's (nonexistent) security model
Linux's security model is based on trusting the software you're installing from the FLOSS repositories, and it works very well.
>Nevertheless GOS on Librem 5 or Pinephone would be a nice idea, except the GOS developers are against that: https://news.ycombinator.com/item?id=45101400
GrapheneOS are against using their development resources on a platform that is drastically, significantly worse than the hardware platform they already have, which is quite fair. It is not about Pine64 or Purism's products specifically. They would not be against them if they met 95% of the requirements detailed in https://grapheneos.org/faq#future-devices. It would more sense to explain which of those requirements you think are unreasonable.
> Linux's security model is based on trusting the software you're installing from the FLOSS repositories,
That's not a security model, and we don't live in fairyland.
Just take a look how well this works with npm packages. It just so happens that emacs plugins are not the most worthwhile target for attackers.
> npm packages
This has nothing to do with what I said. npm is not a trusted or a FLOSS repository.
> we don't live in fairyland
When did you see a malware in Debian's repositories last time?