A new update to Raspberry Pi OS, previously known as Raspbian, has put open-source fans on edge. Why? The new OS is pinging Microsoft servers every time the user updates their apps or the OS itself.
The brouhaha is a bit of a tempest in a teapot, because the new OS simply pings repositories that hold Microsoft’s Visual Studio Code editor, a simplified IDE that has risen to become a formidable tool in the programmer’s arsenal—and, presumably, a solid educational tool.
That said, open-source zealots see companies like Microsoft as anathema (or at least a hindrance) to their work. The same zealots fought, successfully, for the Raspberry Pi Foundation to open-source its graphics driver for its GPU, Broadcom’s VideoCore chip.
What Microsoft could do with this ping is limited but Reddit users are concerned that they might be pushed targeted ads through Bing that will focus on Raspberry Pi users.
“People didn’t have a chance to know about the new repo until it was already added to their sources, along with a Microsoft GPG key. Not very transparent to say the least. And in my opinion not how things should be done in the open-source world,” wrote Reddit user Fortysix_n_2.
The Raspberry Pi team sees this move as an effort to make it easier for new users to code on the platform.
“Thank you, everyone, for your feedback, this won’t be changing because it makes the first experience for people who do want to use tools such as VSCode easier,” wrote Gordon Hollingworth, Raspberry Pi’s Director of Software Engineering.
The repositories in question are the databases the OS uses to maintain software versions and available updates. Most repositories are open source and reside in places like Github while the Visual Studio Code repo resides on Microsoft’s servers. Users who want their devices unsullied by corporate code don’t immediately have a choice to turn off this repo on installing Raspberry Pi OS.
“The more I think about this, the more the trust element comes to the fore,” Raspberry Pi CEO Eben Upton told Gizmodo. “It feels like this is about a minority of people who have an unrealistic view of how many people they’re trusting when they install any piece of software. This isn’t just about proprietary software—remember how we all trusted that OpenSSL must be good, because it’s free, and widely used, and couldn’t possibly be full of terrible security bugs? It’s ridiculous to suggest that we’re somehow betraying people by choosing to trust Microsoft.”
But some people are interpreting the move as a betrayal and are jumping ship as a result.
“I’m sorry Raspbian but I have to say goodbye to you. No hard feelings. I wish you all the best and rot in hell,” wrote a Reddit user called Dr0zD.