Ledger isn't a offline signing device and hasn't been since they implemented online backup of keys a couple of years ago. Nobody serious about security buys ledger products anymore, and its never been FOSS so its always been contentious.

The only real games in town are trezor and its clones and seedsigner.

Just because ledger fucks up doesn't mean phones with WiFi and baseband spyware and regular software updates over the air is a good security practice.