iodéOS lags far behind on Android, Linux kernel, browser engine and other updates too. It's much less behind than /e/ and misleads users less but they still do. They set an inaccurate Android security patch level which misleads users just as /e/ does.
I didn't know. Do you have a link to one specific announcement where they mislead people about the patch level? It would help to start a conversation to change that.
The patch level they set in the operating system is consistently inaccurate. They raise the patch level based on applying a subset of the AOSP patches without the full set of patches including being missing kernel, driver and firmware patches.
