CyanogenMod 9 is stable; 10 is underway

Support for permission revocation in CM has always been weak - it was there but tended to cause everything to force close, because of how it was implemented. LBE Privacy Guard just lies to applications so that they don't crash. I think that the design in CM was basically intended to fail, to essentially punish those who asked for it.

I don't think it is a conspiracy or anything, but I think you basically are hitting at the issue. Those with the strongest desires to contribute to android are also those most likely to seek employment in this area, and that means they don't want to tick off those who benefit from the revenue model.

The other issue is that the strongest contributors get quite a bit in the way of donations, which means they tend to have shiny new hardware, which means they tend not to spend as much time on older handsets as they used to.

I won't begrudge these people their day jobs - their work on Android is a donation of time and I can't really call them "traitors" for wanting employment. That said, forks that add in the features users like would be desirable. There is no reason somebody can't just maintain some patches and just parallel the CM releases. Then again, solutions like LBE Privacy Guard also work and are about as effective, but require less device-specific work to implement.