That might change the odds, but unless you fork diligently (and monkeypatch each and every future vulnerability) you might ship a compromised fork forever.

▲

olejorgenb an hour ago | parent [-]

Except most of the attacks so far has not landed actually source code changes to git IIRC. They have targeting the release files directly.

	▲	lights0123 an hour ago \| parent [-]
		Software vulnerabilities are often not placed maliciously, and are present in the original source. If you don't patch them if discovered later, you'll be vulnerable to them.