I think it's an interesting model. Somehow, the maintenance needs to be funded, and that is an ongoing effort. Charging for security updates is not ideal, but I'm not sure what the alternative would be.
It seems like it would be cheaper and more effective to just keep in sync with GrapheneOS rather than maintaining a custom fork.
I understand that maintenance still isn't free in that case, but it seems like they went out of their way to make more maintenance work for themselves, and then they asked their customers to pay for it. As a potential customer, I would've rather it just come with standard GOS rather than paying yearly for a fork that probably isn't as secure.
Also if it's mandatory? I would also say it's desirable to prevent the situation in which users just choose to have zombie devices because security is more expensive, but making them free or making them mandatory paid would both work for that
How would they make it mandatory, though? The only way I can think of making it mandatory would be if the phone bricks itself when the subscription ends. Or if you just lease the phone and the lease includes updates.
It seems like the best approach would be to just include the cost of updates in the price of the phone, which I guess is what every other phone maker does.
