For context, this video got me a little spooked about my current OS, I never was super comfortable with their “overnight update” style despite it being more secure. How do they prevent unsafe binaries from a rouge employee being pushed to the device, deviating from / hidden in its open source roots, I know manually self-compiling to validate is complicated and may get diffrent results than the official rom. If I need to switch away, what to? I need update integrity over speed. Also Magisk would be nice.
This comment explains the drama and concerns pretty well. In short, the problematic lead stepped down and there isn’t really a reason to discredit the dev team as a whole.
As far as auditing goes, the code is available on GitHub. Only slightly joking, following release updates would be a good way to see what’s changing at a high level.