> Most manufacturers don't want to hire kernel and hardware devs.
I don't think this is particularly relevant. IIRC Qualcomm hardware support includes a handful of binary blobs with restrictive licenses. So if there is a vulnerability in one of those OEMs can't fix it without Qualcomm's support. So it is impossible to promise longer support than Qualcomm will provide. In practice they may be able to support the device longer if they can work around security issues from outside the blob or if no security issues are found, but they can't guarantee it (and without a guarantee there is also less incentive to actually do it).
We are finally seeing Apple, Google and Samsung creating their own SOC with longer software support, hopefully that is enough to disrupt Qualcomm's shitty practices here.
I don't think this is particularly relevant. IIRC Qualcomm hardware support includes a handful of binary blobs with restrictive licenses. So if there is a vulnerability in one of those OEMs can't fix it without Qualcomm's support. So it is impossible to promise longer support than Qualcomm will provide. In practice they may be able to support the device longer if they can work around security issues from outside the blob or if no security issues are found, but they can't guarantee it (and without a guarantee there is also less incentive to actually do it).
We are finally seeing Apple, Google and Samsung creating their own SOC with longer software support, hopefully that is enough to disrupt Qualcomm's shitty practices here.