by alanctgardner3 3709 days ago
The repo maintainers are going to be on the hook to rebuild every dependency every time any package in the dependency chain changes. That sounds like a nightmare versus the current scenario where only one package gets revved when a library has a bug.
3 comments

If you have an automated build system (like OBS -- the Open Build System used by openSUSE) where dependencies are rebuilt automatically and security fixes can be pushed to maintenance automatically.
Not every time a library changes, only every time one has a security bug.
So either the repo maintainers do it, or they stop being relevant (for this use case). Or someone else comes along to fill the gap.