@mox@manualoverride while I absolutely agree with your position, also keep in mind that this has security implications.
Beside the fact that most vendors dont even use all the patches available from AOSP, no custom ROM project can backport all patches. Sooner or later this means there are devices that cant be securely used anymore, unless someone does the effort.
a vendor concept with a subscription could solve this I guess or enough support for an open project e.g. @GrapheneOS