Has AutoCrypt or DC been audited?
in October 2019, there was an audit over the underlying crypto engine, https://github.com/rpgp/rpgp#status-last-updated-october-2019 (was announced in May 2019 here)
. We will soon publish the full review report. Further independent security reviews are upcoming.
Is there a public timeline for any of these?
Hopefully in March we get to publish about the first security review. If you want to see the report earlier please mail me at holger at merlinux eu. The second review is probably finished by mid 2020, there still are some timing issues.