Context from when this showed up last week: <a href="https://news.ycombinator.com/item?id=17239259" rel="nofollow">https://news.ycombinator.com/item?id=17239259</a><p>The CEO, _jayy, posted a number of comments, then deleted all but one. The deleted comments were preserved by yegortimoshenko. Links: <a href="https://news.ycombinator.com/item?id=17241694" rel="nofollow">https://news.ycombinator.com/item?id=17241694</a>
"I already prevented any possible compromise of the OS. I am not capable of compromising it anymore so no form of coercion can make me do that. It's very unfortunate that things ended this way and now I guess the little money I earned from this will go to legal fees, etc." - Daniel Micay<p><a href="https://twitter.com/DanielMicay/status/1006331205682384896" rel="nofollow">https://twitter.com/DanielMicay/status/1006331205682384896</a><p>Apparently he's deleted the signing keys.<p><a href="https://twitter.com/DanielMicay/status/1006334186725224448" rel="nofollow">https://twitter.com/DanielMicay/status/1006334186725224448</a>
Ultimately, who cares who's morally right or wrong? Lets skip the drama and try to see the legal angle, with the goal of figuring out a way to "save" the source code (of possible).<p>The way I see it (with my limited legal knowledge, IANAL) is that Daniel Micay got paid for his services, and therefore the copyright is assigned to the company behind CopperheadOS. I'm not sure if Daniel can be fired, that'd depend on the legal entity of CopperheadOS (for example, in a general partnership both partners bear responsibility and liability which levels the playing field). I tried looking it up on the homepage, but I've been unable to figure that out. What is the legal entity behind the company "Copperhead Security"?<p>[1] <a href="https://en.wikipedia.org/wiki/General_partnership" rel="nofollow">https://en.wikipedia.org/wiki/General_partnership</a>
Not a huge surprise if you followed rust a few years back:<p><a href="http://slash-r-slash-rust.github.io/archived/2u1dme.html" rel="nofollow">http://slash-r-slash-rust.github.io/archived/2u1dme.html</a>
What a shame. I used to hang out on Rust IRC when Daniel was still engaged with the project. He always seemed so knowledgeable and he fought for what he thought was best for the language.
I figured it was only a matter of time. It's absurd to think you can run a company with a product like this, with only one full-time developer. RIP folks who bought devices from them, who will not longer be receiving updates.
It seems a little silly to me that someone would trust a "secure OS" from a situation where one guy could "seize control" of the company and infrastructure. This is largely why I've never seen third party ROMs as a significant solution to the security situation with mobile phones.<p>That being said, I'm curious what the other side of this story is. The email makes it sound like the guy's being fired.
Does anyone have any idea how many devices run CopperheadOS? The market has to be extremely tiny.
How many people are capable of manually flashing an image onto a Nexus/Pixel, and then what subset of that group is interested in a "more secure" ROM?
Is it possible for them to fork under a new name? I ask because it depends on how they have structured the copyright of their code and open source licensing. I don't see any other simple solution besides forking and creating a new entity he owns 100% of.
His employment is suspended with pay, stipulating signing an employee agreement?<p>OK so you're suspended, and we will pay you only if you sign this agreement that any ethical company would have had you sign at the start of employment.<p>This sort of duress after the fact is unethical and possibly illegal. And the demand for control of a personal GPG key predating employment is eyebrow raising and properly should invite ridicule.