Why would the source of the patches be less trusted than the source of (updated) kernels? I expect it to be the same, your distro.

$200/year is peanuts for any commercial use worth the name. The problem, of course, is the whole non-free infrastructure it has to introduce.

I wonder when large and critical OSS projects will start to be seen as a public good they are, with large corporations willingly financing them because not doing so is bad PR.