Which is not to say that thats not a valid approach - but for it to work we need better tools to handle lots of git repos at once (for example, the ability to get notified about any new code on github that affects your project would be pretty cool, especially if its coming from people or organisations you haven't explicitly marked as trusted yet)
I would like to see someone try and sneak rogue commits into Linux. It would be quite the feat.
What? Who "injected" what and when?