I would like help to get an overview of the organisations and developers involved with the core infrastructure/systems of Raspberry Pi. I think it's rather messy as it is now and there are bits of info you have piece together and it's all scattered all over many different websites and social posts.
This is what I know about organisations.
The people building the hardware is the raspberrypi.com organisation/corporation. This is their github org: https://github.com/raspberrypi/ And their members are hidden from public view. Why? They are also the devs who build the Pi Imager app and rpi-image-gen.
Then there is raspberrypi.org which is a different organisation, not part of the official org/corp. They only write information about the products or something I'm not sure.
Then there is a third organisation https://github.com/RPi-Distro/pi-gen who makes the pi-gen which lets us build Raspberry Pi OS images instead of using one that's already built. So its a completely different organisation that builds the raspberry pi OS, not part of the corporation who builds the hardware?
Then there is still currently posts and arcticles in 2025 that continue talking about raspbian os even though I keep reading that it's old and now we should use raspbian pi os which is derived from raspbian os. Is Raspbian still an actively maintained OS that is kept up to date or not?
So who are all these organisations and developers?
There seems to be very bad security for raspberry Pi in general. The build images are not signed, which is very bad security. The Pi Imager app is not signed unless you install it through APT but there is no pi-imager package in apt. The official website says there is but it's out dated info i guess. If you search the repositories for pgp/gpg keys you will not find any.
That leaves the only option for installing Raspberry Pi OS by building the image myself. But who is this https://github.com/RPi-Distro/ organisation? Why is it a different organisation than https://github.com/raspberrypi/ ?
I get the impression that raspberry pi devs appraoch to security is "it's open source so that means it's secure". And then there are lots of independent organisations and devs and no one is using any signatures. It looks very messy and insecure from a beginners perspective.
This is what I know about organisations.
The people building the hardware is the raspberrypi.com organisation/corporation. This is their github org: https://github.com/raspberrypi/ And their members are hidden from public view. Why? They are also the devs who build the Pi Imager app and rpi-image-gen.
Then there is raspberrypi.org which is a different organisation, not part of the official org/corp. They only write information about the products or something I'm not sure.
Then there is a third organisation https://github.com/RPi-Distro/pi-gen who makes the pi-gen which lets us build Raspberry Pi OS images instead of using one that's already built. So its a completely different organisation that builds the raspberry pi OS, not part of the corporation who builds the hardware?
Then there is still currently posts and arcticles in 2025 that continue talking about raspbian os even though I keep reading that it's old and now we should use raspbian pi os which is derived from raspbian os. Is Raspbian still an actively maintained OS that is kept up to date or not?
So who are all these organisations and developers?
There seems to be very bad security for raspberry Pi in general. The build images are not signed, which is very bad security. The Pi Imager app is not signed unless you install it through APT but there is no pi-imager package in apt. The official website says there is but it's out dated info i guess. If you search the repositories for pgp/gpg keys you will not find any.
That leaves the only option for installing Raspberry Pi OS by building the image myself. But who is this https://github.com/RPi-Distro/ organisation? Why is it a different organisation than https://github.com/raspberrypi/ ?
I get the impression that raspberry pi devs appraoch to security is "it's open source so that means it's secure". And then there are lots of independent organisations and devs and no one is using any signatures. It looks very messy and insecure from a beginners perspective.
Statistics: Posted by rpifunfun — Mon Jul 07, 2025 4:03 pm