alt Hacker NewsAnd this is the best-case scenario. Because once updates become opt-out it simply becomes an attack vector of another type.
If the updated code is not open source, you are trusting blindly that not some kind of different remote code execution just happened without you knowing it.
If you don't personally review every line then you are already trusting blindly.