[brendyn]

Now in grapheneosin the updates settings it allows you to apply Google's upstream security patches, but grapheneos is forbidden from releasing the source code for these until a certain time later. You can read more about it on their blog. I have them enabled. At least I can rest easy knowing the Grapheneos Devs are able to inspect the code on users behalf even if they can't yet release it.

[overfeed]

Will Graphene release the patches concurrently with Google? If there's a lag, then then Graphene is a tiny bit less safe in terms of one-day/n-day bugs.

Not having the source of the patch adds some friction to all attackers, but reversing vulnerabilities from binary patches has a long history.

[linux_modder]

For the security preview channel where they have to withhold the code until it's officially released yes that comes out with/days after Google releases them publicly.

[Yokolos]

They generally patch much faster than Google.