For anyone who doesn’t know, CopperheadOS is a source-available operating system for smartphones and tablet computers, based on the Android mobile platform. It is based on the official releases of the Android Open Source Project by Google, with added privacy and security features. The developer, Daniel Micay, builds on the existing official releases of Android to make a more secure solution, and it works great.
Yesterday, Daniel tweeted this:
James has even threatened to seize control of my personal GPG key that I created in 2009/2010 when I started packaging for the official Arch Linux repositories. I don't have an understanding of why he is taking these actions. It's completely illogical and extremely destructive.
— Daniel Micay (@DanielMicay) June 11, 2018
There’s also a conversation going on on Reddit as well in the CopperheadOS subreddit.
Daniel, the former CTO, has been the sole developer on CopperheadOS since day one, and part owner of the company.
His partner, James Donaldson, decided to seize control of the company yesterday.
James owns the http://copperhead.co domain on his personal namecheap account, and has demanded that Daniel hand over his GPG signing key that he created in 2009, before the company was founded in 2015.
Daniel posted in the reddit thread:
Note that the signing keys are not compromised and no updates to the OS or apps can be created now. I destroyed my signing keys to prevent any situation where users could be compromised. The infrastructure is not trusted by the OS. No OS or app updates can be created that would be accepted. There is still most of the month before the July security update at which point I can’t recommend using it anymore…
I honestly have no idea who is in the right or wrong here.
The two owners have apparently been arguing over the past couple weeks before Micay’s firing yesterday.
What the future holds for CopperheadOS is up in the air right now.