I have just a few minor corrections to the OSTree segment:
* It is entirely possible to deliver "asynchronous" security updates; what I more meant is that doing so requires dedicated person-power that I don't believe we have. The entire system is designed to allow forking/merging, and a security update is no different from a slightly modified tree.
* ostbuild actually monitors over 200 git repositories right now, not just one. Every commit to X.org gets immediately built for example. Some things are fixed at specific tags though - my one server would kind of choke doing continuous integration of WebKitGtk =)
* The marketing/branding thing is really independent of the build system. It's more a generic issue when shipping something more directly consumable than git repositories.
I wish the article had highlighted more what I consider the biggest issue - the inability of both dpkg and rpm to go backwards. I'd revert Fedora rawhide for example back to a state where it could start GDM this very second if it were possible. Reverting is not always the right answer of course - it's important to debug things. But it's a lot more important to have a constantly usable development tree.