
Whether it is binary or not, it doesn't make any difference.

It's the "modern times" craze about plugins pulled from different unauditable, unknown sources. The fact that it is on GitHub or any other "publicly available" source is irrelevant.

I keep using vim and Kate and manually install anything I need from my distro (Arch Linux) repos. If it is not there, then, sorry, I cannot use it.



This is a fallacy though, unless you’re also code reviewing all of the Arch libraries you pull down.


I think the main add of distro repositories is the repo maintainers sit as a review step between you and the project updates on e.g. GitHub, not that it enables you to better audit the code yourself. I'm not sure it's really all that effective in practical terms though.


Distros raise the probability that something will get caught, but it’s only that - increasing your chances of not getting pwned… it’s still not bulletproof



