I strongly suggest using either an iPhone or a Pixel with the stock OS. There is no alternative OS with decent security and binary releases available to install. You would need to build AOSP for a device like a Pixel where it can be done securely or find someone to do it for you.
Conversation
I was the one that created and maintained it, almost entirely on my own. It offered substantially more privacy and security than the stock OS. It couldn't offer a longer support period since it relied on the same security updates. It's no longer the same thing that it was before.
2
2
Finally you admitted that there are ROMs better than stock ROMs :)
Do not be upset with me for thinking differently and wanting to do differently.
2
I just want to say a few more things.
It's possible relock the Bootloader after flash a new rom.
1
Only Nexus and Pixel phones support locking the bootloader with an alternate OS. I'm obviously aware of that since I worked on an alternate OS preserving the security model used by the stock OS and AOSP. There's no point in locking it if the OS being used breaks that security.
2
Yes I know that, thats why I do not want to use the Nexus 5 stock Rom because it has too many vulnerabilities and it's not optimized to use the maximum power of the Nexus 5 and also the battery drains very fast ......
2
It has a huge number of vulnerabilities with whatever ROM you are using. The issue is using a Nexus 5 at all when it isn't receiving security support for the kernel, drivers and firmware. Your choice of ROM doesn't solve these issues. It's still incredibly insecure regardless.
1
It doesn't matter if your ROM pulls in all the latest AOSP security fixes and then lies about the security patch level by pretending that those are the only fixes in the Android security updates. It's missing half of the fixes for vulnerabilities. Sorry but it's totally insecure.
1
Even if they rewrote all of the closed source drivers that aren't receiving security updates and maintained them, moved to a kernel branch receiving security updates and maintained the other device-specific code, it wouldn't fully solve the problem. They're not doing that anyway.
1
It would be possible for people to rewrite and maintain all those drivers and move to a modern kernel receiving security updates. It would be an enormous amount of work. It's certainly not something that the ROM development community is doing, and it couldn't fix the firmware.
I don't understand why you follow an account about privacy and security hardening if you don't even care about having a device with basic security updates. It makes no sense to worry about fancy stuff without covering basic security hygiene. It's as bad as someone using WinXP...