If I can't trust the official rpi-update binary and need to read its code under the assumption that it might have backdoors, then following that logic I can't trust any binaries in the official Raspberry Pi OS and should be reading its millions of lines of code searching for said backdoors. Since you clearly have done that, please share your audit report with the rest of us, I'd love to read it.You should read the script first and see if you trust it, understand it, and if it is needed. But you haven't done that so that is the main issue. Even a 'script kiddy' can add your Pi to a botnet and turn your Pi into an attacker machine for DDOS attacks or blackmail you with all sorts of data.Oh I did... I had no idea about that.
So what is the "official" way to do it? Should I run rpi-update or not?
It is your Raspbery Pi and it is open-source Linux, there is no official way. But apt update && apt full-upgrade (as admin user) and still read what has changed and determine why you need that changes is an option. Maybe even better to use some menu driven option, but I do not use those so can't tell you what you should use or do.
Thanks for the rest of the answers.
I guess the "fix" is to wait until the apt kernel catches up or surpasses .36 so this mismatch goes away, and don't run rpi-update again unless specifically told so?
Statistics: Posted by DJ_Hackintosh — Sun Jul 20, 2025 11:48 am