That's my conclusion, yes. With the third (middle) option spending at least a day extra, potentially more, for each closed-source release.

Until now, I've been reviewing **every** release of all my apps **and** Graphene, which takes me about a week of work time per month, just to be secure from gangsters hacking anything other than the NSA. I'm not even secure against nation states.

ah, so is the choice: run Graphene with updates on a ~4 month lag or run closed source Graphene?

Scoresby

Stacker Saloon

saloon

Oh the access is great. The 4-mo of closed source is really awful!

If tomorrow Graphene asks me "trust-me-bro" binaries, "literally-disassemble-these" (which sux because it's 100x the work) or "be-insecure".

Then I need to choose between trusting Apple or trusting a bunch of anons. SAD!