Should you trust some random dude on the internet who totally got AOSP+CM tweaks working on a newer kernel by aggregating blobs from 4 different devices? No, probably not. He may well be acting in good faith; but you have zero assurance of that; or much reason to trust that he hasn't made some potentially serious error in the process of making it work.
Should you trust your handset vendor/(and telco, if it's a phone that they've had a hand in)/Google? No, very probably not. The vendors do seem to care slightly more about bugs that might cause customer support calls or returns; and a lot less about security patches or providing vaguely recent versions of anything; but aside from those somewhat different technical priorities they aren't markedly more trustworthy than some random person on the XDA forums.