I hope you consider strict threat modeling when deciding which approach to security is preferred. How about a threat of Google removing your control of the OS [this thread] and [0]? Or Google delaying security patches [1]?
I hope you consider strict threat modeling when deciding which approach to security is preferred. How about a threat of Google removing your control of the OS [this thread] and [0]? Or Google delaying security patches [1]?
>Google removing your control of the OS
That is a feature of Play Services and not a part of AOSP which is what we are talking about.
>Or Google delaying security patches
Like it or not coordinated vulnerability disclosure is a thing in the industry and is done by other Linux distros too.
This is not "coordinated vulnerability disclosure". It's waiting for slow vendors at the risk of everybody else.