Since /e/OS is not a security-hardened mobile OS, it is targeting standard industry practices. Therefore, for a given release on month N, our current work-flow is to integrate Android security patches from month N-1. As a result, in the worst case, it will take up to 9 weeks to roll out the latest available security updates.In most cases, it will be much sooner.
An exception is made for 0-day exploits: in this case our policy is to build and roll out a patched version of /e/OS as soon as possible.
Exactly.
/e/OS and security updates