[repelsteeltje]

That might change the odds, but unless you fork diligently (and monkeypatch each and every future vulnerability) you might ship a compromised fork forever.

[olejorgenb]

Except most of the attacks so far has not landed actually source code changes to git IIRC. They have targeting the release files directly.

[lights0123]

Software vulnerabilities are often not placed maliciously, and are present in the original source. If you don't patch them if discovered later, you'll be vulnerable to them.

[olejorgenb]

Yes. Isn't that "giant PITA" is referring to here?

> your own repo reviewing and merging from upstream as needed. Would be a giant PITA though