@Raznick and @CharAznable You both got good points.
I guess the best middle point would be to buy the gear first then get customer support. At least then a purchaser of service could check to see if the code isn’t malware prior to installation. As an example: MD5 checksums and legitimate github links.
Where do you guys get your hardware from? Any reputable dealers you know of?