@anon88181694 your Divestos project gives you lots of merit, it’s great, you have that patchlevel in order where you can control it - but CVE counts drive you mad to the point you can’t put it aside.
The context of @hkmike is rather no matter how well patched his /e/devices would be, he had difficulties running mandatory software in Hong Kong for their Covid schemes and school program. That’s a different problem not addressable by patching to latest levels and the issue is of general concern to all users as in software that is needed to participate (banking/public-admin).