Example: Arch AUR, but similar for Nix, Guix, Gentoo, others:
On first install:
- read AUR file
- audit build & patching framework
- audit patches
On upgrade:
- review patch changes
- treat upstream changes like you would otherwise
On upgrade with AUR file change:
- review AUR file changes
- review build & patching framework changes
If you've bothered to set up your own repos and build pipeline integrating your patches already (and you can get a lot of that for free), the additional overhead isn't as large as it may sound.
vscodium is doing the much larger work of cross-checking vscode and in exchange I do the smaller work of cross-checking theirs - and putting in my own so I have zeroconf installs with prebundled extensions and whatnot on new machines.
Same for the browser (ungoogled-chromium, vanadium, librewolf or what have you).
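As an added example (not the commenter's code, and not a real package), the following POSIX shell script sorts a pending AUR-style update into the review tiers described above by comparing two snapshots of a package directory (say, the currently built tree and a freshly pulled one): a changed PKGBUILD or .SRCINFO means the build and patching framework needs review, changed patch files alone mean only the patches do. The `review_tier`, `review_report` and `make_fixture` names, and the PKGBUILD and patch contents, are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not the commenter's code: classify an AUR package update into
# review tiers by comparing two snapshots of the package directory.
# All package contents below are constructed for illustration.
set -eu

# Files that define the build & patching framework (as opposed to the patches).
AUR_FILES="PKGBUILD .SRCINFO"

# list_patches DIR...  -> union of *.patch / *.diff basenames across the snapshots
list_patches() {
  for d in "$@"; do
    for p in "$d"/*.patch "$d"/*.diff; do
      if [ -e "$p" ]; then basename "$p"; fi
    done
  done | sort -u
}

# changed FILE OLD NEW -> success if FILE differs; present on only one side counts as changed
changed() {
  f=$1; old=$2; new=$3
  if [ -e "$old/$f" ] && [ -e "$new/$f" ]; then
    ! cmp -s "$old/$f" "$new/$f"
  else
    [ -e "$old/$f" ] || [ -e "$new/$f" ]
  fi
}

# review_tier OLD NEW -> prints one of: unchanged | patches | aur-file
#   aur-file : PKGBUILD/.SRCINFO changed, review the build framework and the patches
#   patches  : only patch files changed, review the patch diffs
review_tier() {
  old=$1; new=$2
  for f in $AUR_FILES; do
    if changed "$f" "$old" "$new"; then printf 'aur-file\n'; return 0; fi
  done
  for p in $(list_patches "$old" "$new"); do
    if changed "$p" "$old" "$new"; then printf 'patches\n'; return 0; fi
  done
  printf 'unchanged\n'
}

# review_report OLD NEW -> unified diff of every changed framework file and patch,
# i.e. the material a reviewer actually reads before rebuilding
review_report() {
  old=$1; new=$2
  for f in $AUR_FILES $(list_patches "$old" "$new"); do
    if changed "$f" "$old" "$new"; then
      a=$old/$f; b=$new/$f
      [ -e "$a" ] || a=/dev/null   # added file: diff against empty
      [ -e "$b" ] || b=/dev/null   # removed file: diff against empty
      diff -u "$a" "$b" || true    # diff exits 1 when files differ
    fi
  done
}

# make_fixture DIR PKGVER VARIANT -> constructed snapshot: a PKGBUILD plus one patch
# whose replacement value is VARIANT, so two snapshots can differ in patch content only.
make_fixture() {
  dir=$1; ver=$2; variant=$3
  mkdir -p "$dir"
  cat >"$dir/PKGBUILD" <<EOF
# Constructed PKGBUILD for illustration, not a real package
pkgname=example-editor
pkgver=$ver
pkgrel=1
source=("example-\$pkgver.tar.gz" "disable-telemetry.patch")
sha256sums=('SKIP' 'SKIP')
prepare() { patch -Np1 -i "\$srcdir/disable-telemetry.patch"; }
EOF
  cat >"$dir/disable-telemetry.patch" <<EOF
--- a/settings.json
+++ b/settings.json
@@ -1 +1 @@
-  "exampleTelemetry": "on",
+  "exampleTelemetry": "$variant",
EOF
}

# Demo: three constructed upgrade scenarios in a temporary directory.
demo() {
  work=$(mktemp -d)
  make_fixture "$work/old"     1.0.0 off
  make_fixture "$work/same"    1.0.0 off   # identical snapshot
  make_fixture "$work/patched" 1.0.0 none  # patch body changed, PKGBUILD unchanged
  make_fixture "$work/bumped"  1.1.0 off   # pkgver bump changes PKGBUILD
  printf 'same snapshot: %s\n' "$(review_tier "$work/old" "$work/same")"
  printf 'patch changed: %s\n' "$(review_tier "$work/old" "$work/patched")"
  printf 'pkgver bump:   %s\n' "$(review_tier "$work/old" "$work/bumped")"
  review_report "$work/old" "$work/patched"
  rm -rf "$work"
}
demo
```

In practice the two snapshots would be two checkouts of the package's git repository (or the build tree and the freshly pulled copy), and the `aur-file` tier is the one where the `source=` URLs and checksums deserve a second look alongside the framework changes.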