Simple solution would be to turn off automatic updates by default and leave notifications on.
Then change the notification behaviour to give the option to view the changelog before updating.
- User accepts the changes then they can update
- User doesn't like the changes then they
If a user switches to automatic updates then they should be notified of the risk.
All this talk of tighter regulations, multiple versions, and more work for the skinners could
just result in driving them away from the official repo to their own private
ones or, worse
case scenario, stop them from releasing to the public at all.