I don’t think that privacyguides.org will have to be updated significantly if something related to F-Droid happens since it already documents that “there are some security-related downsides to how F-Droid builds, signs, and delivers packages”. It’s clear to me that using F-Droid should only be used when it’s clear that all other means will fail to produce suitable results.
The “means above” that I see are:
I don’t see any mean “below” F-Droid.
I don’t think that privacyguides.org will have to be updated significantly if something related to F-Droid happens since it already documents that “there are some security-related downsides to how F-Droid builds, signs, and delivers packages”. It’s clear to me that using F-Droid should only be used when it’s clear that all other means will fail to produce suitable results.