I understand that probably there is little interest if you are a device ROM maintainer to embed a backdoor into it. But it’s still possible. Lineage has a fairly simple and open build process. Should I do it on my own? Or should I trust the maintainers and not bother? What are your thoughts?
I think they require that builds happen on their build servers using public source to make sneaking in something unsavory harder. A maintainer can’t just say, “here, ship this binary.”
Here you can see that they use an automated build system and a means to track what is getting built.
What is your threat model? I would be more worried about those proprietary firmware blobs that you have to use with your hardware irrespective of what ROM you choose. If you’re worried about a maintainer sneaking in a back door, I would think that unlikely because it would leave a paper trail.
Yes, it has already been explained to me here how the build process takes place. Now I understand that it is transparent and open. I didn’t know this before and thought the maintainer was just putting builds in the repository 🤷 I’m stupid, I know 😁