Patches are patches, no matter how much sugar coat and repo restructuring you perform around them. In the end of the day, someone has to forward port all patches to new kernel version, compile test all 40 targets and manually review patch conflicts in case of non trivial rebases. Its tedious, labor intensive work that can eat between a few hours and several days worth of work which is usually not payed for by everyone.
Ubuntu targets mostly targets x86 platforms and a few selected very capable ARM devices. I don't think space constraints are of any consideration for Ubuntu.
We do support devices in a minimal way with security and bug fixes, mainly by cherry picking relevant fixes from the master branch back into the still supported branches. There are autobuilders for each active branch which continuosly generate updated packages. If larger security issues come up (Spectre/Meltdown, KRACK, ...) we put out new maintenance releases with refreshed images.
I think this is about as good as it gets, any demands beyond that are unreasonable and impossible to address given OpenWrt's current personell capabilities. Nobody working on OpenWrt has the time and financial resources to provide support for devices 5, 6, 7 years down the road. It is simply not going to happen.
I disagree. Taking for example the TL-WR1043ND which was first supported in 10.03.1, released december 2010 until at least 17.01.6, released in september 2018. This is almost 8 years free of charge support. not sure what else you expect beyond that.
Where is this completely wrong notion coming from? What are frequent releases?
17.01.0 - Feb 2017
17.01.1 - Apr 2017
17.01.2 - Jun 2017
17.01.3 - Oct 2017
17.01.4 - Oct 2017
17.01.5 - Jul 2018
17.01.6 - Sep 2018
18.06.0 - Jul 2018
18.06.1 - Aug 2018
Not sure if you expect a new release every one or two weeks to be happy, but if this is the case then this is definitely not going to happen, sorry.
If you want to always use the latest tip of the respective branches, use http://downloads.openwrt.org/snapshots/ or http://downloads.openwrt.org/releases/18.06-SNAPSHOT/, http://downloads.openwrt.org/releases/17.06-SNAPSHOT/
As for the notification infrastructure - someone has to implement it, add the necessary changes to OpenWrt, the gui, the builders etc.
So the question here is - who is going to implement that, who is going to do the merging, categorization, greenlighting of packages. Who is going to test them, address bugs etc.? What you demand here is a lot of work the project simply isn't able handle.
Upstream kernel development progresses so fast that this simply isn't feasible in the long term. Having out of tree drivers (mac80211, wireguard, mt76, ...) or even userspace (cake, openvswitch, ...) support widely different kernel versions is a lot of work which often is hindered by the lack of suitable hardware or suitable test cases to even assert the functionality of all the different version combinations. Each further version exponentially increases the effort required to keep stuff working.
Think about it, you demand a level support here which not even the OEMs can provide for their own device designs, and they only have to support a fraction of the environments OpenWrt supports, with full access to sources, schematics, erratas and so on.
Correct - and the 4-5 active OpenWrt base contributors actually doing a majority of the work decided that they cannot handle providing support for all devices accress 40 targets for 5+ years while still developing OpenWrt and backporting latest upstream features into old kernels, merging patches, handling infrastructure and porting OpenWrt to new devices.
If you need that level of support then consider building a downstream distribution based on OpenWrt with support for a selected subset of devices and maintenance for a few years down the road. Maybe even take a stab at e.g. maintaining the 17.01.x branch out of tree and if it works out well, offer to take over the maintenance.
Staying as close as possible to mainline and doing LTS are mutually exclusive requirements imho. Mainline does not care about LTS, mainline does not care about out of tree and mainline does not care about heavily resource constrained systems.
Encoding dependencies on a kernel version is the least part of the work, making sure that entire out of tree subsystems work across different kernel versions with wildly different APIs while simultaniously working on upstreaming them is the hard part. Most developers do not want to handle the load of juggling three to four distinct branches of components at any point in time.
https://sdwalker.github.io/uscan/
https://openwrt.org/releases/18.06/changelog-18.06.0#security_fixes
...
See also the recent work on tagging components with CPE IDs to allow for NVD cross referencing etc.
This is nothing OpenWrt can help with, unless you add mechanisms to forcibly disable the firmware after a set amount of time.
Note that security not only comes from updating things all the time but also from providing a somewhat secure default configuration, from reducing the available attack surface, from providing source code access to at least have the theoretical ability to review and patch code and from giving the tools to lock down the system.
To summarize the discussion - lots of things you demand from OpenWrt here would exceed the level of support provided by distributions like Ubuntu or Debian with only a tiny fraction of the funding and developer resources available.
Did you ever wonder why you simply can't insteall Debian or Gentoo on a TL-WR1043ND or a Linksys WRT1900AC? It is because such embedded devices impose constraints on the distribution which render most traditional Desktop world processes unusable while simultaniously require a lot of specialized developer knowledge.
Such specialized knowledge is rare, even more so if its unpaid. And the people that do it for the "fun" of it will only do the things they deem interesting or worthwhile. Tedious grunt work and distribution maintenance will not attract developers, it requires monetary compensation or another motivating factor which I couldn't yet spot in these discussions.
Turning OpenWrt into a full-blown, LTS supported distribution with extensive regression testing and very narrowly focused future development roadmaps will exceed the capabilities of the current contributor base.
Implementing such a distribution requires a lot of professional organization and appropriate incentives which I simply do not see in the immediate future.