This. It drives me crazy that companies want to lock down the firmware, but then won't take responsibility for keeping their locked-down firmware from being taken over by bots. If they hate maintaining the software so much, let the community take over.
If I were an AP manufacturer I would have like 1 software guy total, and his job would be to make sure the drivers for the hardware are always up to date on the open source software that my product ships, and to contribute bug fixes and feature improvements to that software.
Well, I like to think that anyway. I have some suspicions that chipset manufacturers like to keep their documentation behind an NDA that precludes anybody who signs it from contributing to open source software.
I tried prioritizing “open.” I had a customized firmware on a fully open-source (even open-source WiFi firmware) Atheros-based router. And “open” turned out to mean, “enough rope to hang yourself.” I didn’t dare update that thing for years because I installed it in an inconvenient location and I couldn’t trust that it would continue to work if I installed upstream updates.
Now I emphasize update automation. The closed firmwares of ISP routers are not great, but the ISPs take charge of maintaining them. I don’t recommend plain OpenWRT to non-technical users because it doesn’t auto-update.
Maybe a Turris router, because they have the CZ.NIC people in charge of updates. Even there, the transition from Turris OS 3 to Turris OS 5 has been disruptive because of the upgrade from OpenWRT 15 to OpenWRT 19 and its migrations to Device Tree and Distributed Switch Architecture. At least CZ.NIC is still updating the Turris OS 3 packages.
Seriously, keep the damn thing open.