When are they going to start doing it for private repos too...

See also the Bootstrappable Builds website/community.

https://bootstrappable.org/

There is a solution to that, but it requires these companies to implement source address validation. If your ISP is on the list, maybe complain about it.

https://spoofer.caida.org/as_stats.php

Debian has a unicode-data package, so you can just depend on it.

Another option for that might be `git archive | tar -C /path/to/dir -xf-`

Does OpenBSD have Bootstrappable Builds from source without any binaries? I'm guessing not yet, since GNU Guix (Linux distro) pioneered that, and I haven't seen any BSD distro interested in the related Reproducible Builds project.

https://bootstrappable.org/ https://reproducible-builds.org/

In case you are talking about automated upgrades between releases, there are some ideas for that here:

https://wiki.debian.org/AutomatedUpgrade

It is feasible to do if you prepare ahead of time, and you can even do automated offline upgrades with apt-offline and some scripting.

Use needrestart, you can mostly automate those restarts with it.

I use unattended-upgrades with Debian's rolling release (aka testing).

Mostly works fine apart from bugs in unattended-upgrades, or when my boot partition runs out of disk.

There was a report some years ago that found the IP address being connected to is often enough to identify the website being visited, even when using a CDN. I think you have to go to VPNs at a minimum, or Tor preferably. Tor doesn't help with correlation attacks from global passive/active adversaries though, or even folks with access to a lot of netflow data.