Yes I was stating what this update was offering. I do understand that kernel developers want to have full oem unlock command available, and we are working on providing solution for that in future updates. Unfortunately there is limited number of fixes and features that can be included per update. We dont have unlimited hours and manpower.

Like I previously wrote. That closeness is up to Jolla. I am not sure how many will appreciate it.
As for security. Honestly, that is a weak argument. I can break that any time as long as developer mode exists.
Protecting company data should be achieved by other means, If this is what you want.
From a company perspective this is understandable, but, considering whom supported the start-up by preorders, and considering other available options for companies. Is this a wise decision. I dont know, and I dont care. It is goodbye Jolla from me.

And how do you install developer mode on the device that you have stolen from someone which asks you devicelock code on the boot?

We are not even trying to protect the case where user has installed developer mode by himself, as he as dismissed the warranty may void dialogs and such.

Let's see, for example an security problem in your old frankenstein android kernel mix?

You can even install rpms as an normal user.

And how do you get to install things as normal user? Settings devicelock code, immediate, 10 attempts, reboot.

True if you quess the lock code with those 10 attemps, you can do anything as normal user. But if you dont happen to quess the code, do you have some trick to bypass the code query with the latest release?

But yes if frankestein kernel has some remote tcp/ip drop to shell exploit, then everything is wide open.

Even if i had I wouldn't disclose them.

But that is not the point. Everybody who thinks their data is secure if it is not encrypted doesn't know much about computer security.

Nobody in right mind would think that their data is secure. Most people know that unix permissions dont give you real data security and that people can just remove microsd card.

It just means that its nice to have locks in your front door, even if burglar can break the window quite easily. And most people in the world keep their front door closed/locked, even when their houses have windows and they know that people can break in at any time.

But I can be wrong of course, some people might not lock their front doors when they go out.

Correct me if I'm wrong, but all these lock-thingies will be slight bumps in the road for someone really interested in the data on your phone. Direct access to the flash chips is all you need. They only viable solution is encryption. What's the reason the Jolla doesn't use that, ootb?

While I'm not really into flashing custom kernels (my N9 runs stock kernel) I do find it disappointing to see I now have yet another device which is hard to hack, or at least harder to hack for the wrong reasons (i.e. trying to improve security, but ultimately failing at that. Just like my Samsung tv, which encrypts recording but helpfully puts the keys in a companion file.)

It might not affect many, but these kind of changes on a bug-fix update which will seriously hinder owner's ability to hack a supposedly open device should be noted in the release notes of that update.

Its pretty easy to use fuse encryption layer for example on your microsd card or any custom folder/directory/mountpoint, so people who wants to have some of their data encrypted are free to do so (it will have performance impact and battery life is also affected). Some future update might even offer you to have your data encrypted.

Well that escalated quickly...