I agree but what would that involve?
Discussion
Without the prospect of reproducability, probably have images built on runners with reputation to lose like github, circleci, etc with the job output printing the binaries hash.
I'd probably do some cursory review of the fork diff to understand how the new dependancies are being sourced. A niche fork is always going to get less review and a bitcoin focused fork is going to be a target.
Yeah, the niche / unpopular distro will definitely be more scary unless. Would sort of rather have the software stack be replicated by guix or nix, or even Gentoo where I can build everything myself.