The open source operating system experience exists in pieces, scattered across a world of projects and technologies. Distributions exist because they attempt to create a unified experience from the bits and pieces of open source functionality out in that world, while establishing themselves as a vendor their users can trust. Users might try a few distributions to see which one works for them and settle on one which provides the experience they are looking for. Users build a relationship with their distribution from which they can establish a trust in the packages the distribution ships and the defaults they configure.

So when a user decides they no longer agree with what their distribution ships, and exercise an option to download untrusted packages — risking the failure of future software upgrades and possibly severe security issues — with whom does the fault lie?

Is it reasonable for a distribution to expect a user to visit their website on Release Day to be informed about changes and cautions in the new release? Is it reasonable for a distribution to be alarmed and concerned when rogue packaging interferes with updates, upgrades, and security? Is it reasonable for a distribution to encourage their users to resist or desist using such packages? Is it reasonable for a distribution to encourage users who are not interested in the offerings of the latest release to fall back to the still-supported version? Is it reasonable for the distribution to support their users the best they can while maintaining their own project goals?

More Here