Very sad news

[diederik]

That means using a device with no security updates. Vulnerabilities in the kernel itself are found often enough.

yeah, it's crazy to connect to internet any device without security updates. Just look how often even debian updates its kernel.

Which consists of 99+% of updates from the upstream Linux kernel, which is https://git.kernel.org/pub/scm/linux/ker...inux-6.1.y for Bookworm.

The main problem I see is that WAY too many patches are carried 'downstream' instead of upstreaming them to Linus' kernel.
When you don't do that, you'll get in an unmaintainable situation sooner or later.

When the PineTab2 arrived and Mobian wanted to add support for that device, they thought they needed extra patches on top of the 138 patches they were already carrying.
I just laughed/SMH, thinking "How about you start with dropping at least 100 of those patches?"
With that many patches you can't know if you encounter a bug in the upstream kernel or a bug in one of your own patches.

The norm should be: if you have a patch, upstream it ASAP so that everyone benefits and you can then drop your own patch.
To me, the problem is that that happens way too little.

And there is indeed way too little (practically none) collaboration to make things better by working together.
Instead, everyone seems to be working inside their own little bubble.
And Mobian themselves are also VERY guilty of that.