I understand that probably there is little interest if you are a device ROM maintainer to embed a backdoor into it. But it’s still possible. Lineage has a fairly simple and open build process. Should I do it on my own? Or should I trust the maintainers and not bother? What are your thoughts?
Unless you are able to read/audit the code, you would need to trust the maintainers even if you run the build scripts yourself.
I am more okey with trusting LineageOS team. Less with some random maintaner from internet.
You can verify the official builds were signed with their key.
https://wiki.lineageos.org/verifying-builds
Fair point!