Yes the explanations here are largely correct. GrapheneOS has a lot to keep on top of dealing with such large upstream codebases - linux, chromium and AOSP are all huge, complex and constantly changing
Due to the nature of the project the GrapheneOS team has to act quickly to include upstream security fixes and fix any bugs or issues that are discovered. This last year our developers have spent huge amounts of time working on fixing up the VPN leaks and dealing with local device vulnerabilities following the reporting of those problems. Also various issues in AOSP which we needed to fix so we could ship security updates in a timely fashion. None of that was planned/scheduled work. They werent things we were prepared to ignore.
If our funding was tied to new features we would not have the agility to switch focus to work on fixing things. Keeping the OS secure and stable is something we, and we think our user base, find critically important.
We are a relatively small team. We have a number of highly talented and productive developers working on GrapheneOS but there is always much to do. We are constantly actively recruiting, but its not quick or easy to bring new developers into working on the project. They have to have the right skill set, learn the way we do things and some people are only really productive under certain work regimes. So we are not able to just throw money at a new feature, hire a load of new devs and get results.
Every new feature also requires ongoing maintenance. Sometimes lots of work. We cant just let features that people depend upon suddenly stop working. So we have to think carefully about potential future maintenance burden before adding anything.
Due to the complex codebase, the necessity to implement features in a way which make it as easy as possible to maintain in the future and to have it done 'correctly' rather than as fragile hacks, features often require far more work than anyone predicted. Its very hard to set realistic budgets for any new feature.
We have a policy of rejecting feature tied funding. For the reasons I outline and also because of the potential for disagreements about what qualifies as a feature being 'complete'.
The quality of the operating system speaks for itself. If you value it please consider donating. Recurring donations are most useful as it gives us more certainty about future levels of cash flow and we can increase the number of people on our team with more confidence.
https://grapheneos.org/donate