indigomadelin: Starting from version 2025092500, part of the code (security patches) is provided in binary form until the embargo ends. Now users must trust GrapheneOS, which trusts the OEM, which trusts Google. This means that the open-source rule "given enough eyeballs, all backdoors are shallow" no longer applies.
Though the current situation is not ideal, I think that line of reasoning might be a bit of an overstatement.
If it had been the case before September 2025 that a substantial number of security bugs had been reported to the GrapheneOS developers by "eyeballs" reading the GrapheneOS source code on GitHub, then this change would indeed be impeding the operation of those "eyeballs". However, the changes that Google is requiring to be shipped first in binary form are largely problems that Google has uncovered, or, in some cases, problems that OEMs and security researchers have reported to Google. There are still "eyeballs" operating, and a case could be made that those particular "eyeballs" have historically been the most productive ones.
And if there are a significant number of "eyeballs" doing security analysis on the GrapheneOS source code on GitHub, I suspect there are still plenty of problems for those "eyeballs" to find.
indigomadelin: What checks does the binary undergo before publication? Digital signature verification, reverse engineering, network traffic analysis, fuzzing?
Some components, e.g., cellular modem firmware, Wi-Fi firmware, Bluetooth firmware, GPU firmware, GPS firmware and user-space GPS code, were already shipping in binary form. The change now is that some components that the GrapheneOS team was previously building from source code that was published on GitHub at the time a release was built are now being built from source by the GrapheneOS team from source code that can't be published on GitHub until after an embargo is over.