Recently there have been some discussion a OTA in the PineTime Telegram group. This is my view on the trust model required for PineTime to work.
TLDR; I think we need to trust a new firmware to a certain extent before flashing it to PineTime.I have done a little experiment with Over The Air updates for PineTime firmware. I used the mynewt project from my last post as a base. In a few hour I had updated my firmware.
I started with the blinky project from the last post.So I recently bought a PineTime dev kit. It is a development kit for a smartwatch. It is complete, but not fully assembled. The back is loose, so that you can program your own software. Pine64 is a hardware company, which expects the community to write open-source software for it.