@juliank @stardust @tuxwise@tchncs.de I disagree with this statement on a fundamental level. If you see Debian as an expert tool for a very specific expert target group, then fine, whatever. But Debian is the base for a general-purpose operating system for millions of users with no technical background or simply no nerve and time to deal with things like this. You cannot and should not expect these users to know about any obscure text files, let alone read and understand the tech babble that's in them.
@juliank @stardust @tuxwise@tchncs.de I certainly don't fire up a text editor and check the NOTES files first before I run apt upgrade or click the "Install now" button on the update reminder popup and I am probably much more of an expert user. We can only implore you to revert your decision. Your concerns about supply chain attacks in particular are certainly not unfounded, but you cannot export the complexity of this decision to your users in a way they will not and cannot understand.