Eylenburg's site is focused on privacy and security for the comparisons. GrapheneOS is the only privacy and security hardened OS included in the Android-based OS comparison. None of the other operating systems listed in that comparison keep up with Android privacy/security patches or provide significant OS level privacy or security improvements. Many GrapheneOS features aren't listed by the table or are grouped in huge generic categories such as "Hardened system components". An example of a major privacy feature not listed by the table is closing the leaks in Android's standard VPN lockdown mode. GrapheneOS fixes all 5 of the known outbound leaks in VPN lockdown mode, CalyxOS partially fixes 1 of them and the others don't touch this since that's not their focus. It's a privacy and security focused site comparing an OS focused on improving those in the OS layer to ones which mostly aren't.
Operating systems lagging far behind on privacy and security patches are definitely quite bad when it comes to security. For example, the official releases of /e/ for the Pixel 7 are still based on Android 13 and do not include any of the Pixel kernel, driver of firmware patches released from October 2023 and later. Eylenburg's table doesn't put much emphasis on this since it's contained within a couple rows which do not adequately communicate how delayed the updates are and how much that matters.
In addition to the official Android and OEM privacy/security patches, there are also major privacy and security improvements in each major Android release. Android also doesn't backport most Moderate and Low severity patches which are no longer given CVE assignments. Most privacy patches are considered Moderate or Low severity if at all. Many privacy improvements also aren't considered to be bug fixes since they're improvements to the intended design of the system. Only bug fixes considered to have a High or Critical severity security impact are backported. The comparison table could cover a bunch of standard Android privacy/security improvements to emphasize the importance of keeping up with the only actual LTS branch.
So, what you are saying is that Lineage has bad security because they are doing their best to support old devices as long as possible?
Interesting position. It is a valid criticism but brings its own problems.
No, that's not at all what was said.
Pixel 7 is a fully supported device with Android 16 QPR1 available for it via the stock OS. /e/ is on Android 13 on the Pixel 7 without the kernel, driver and firmware updates released for it from the Android 14 launch and later. /e/ is a fork of LineageOS with drastically worse privacy and security.
LineageOS rolls back the security model and features a fair bit but does it far less than /e. LineageOS doesn't implement major privacy and security enhancements so a comparison of non-standard improvements in those areas is going to show that. LineageOS lags behind on providing the AOSP and vendor security patches, but far less than /e/.
The table covers the patch delays for both AOSP patches and device patches. It's showing how far behind they are on kernel, driver and firmware patches released for a device, not anything to do with end-of-life devices. Being multiple years behind on those patches for the Pixel 7 on /e/ has nothing to do with supporting an old device as long as possible.