My main concern was if we had to generate patches from sources instead of using a binary. As long as patches are generated from binaries, we won't have checksum issues.
This could be a "nice to have" feature but I'd prefer to postpone that when we have deeper insights on how patches are generated and used instead of introducing more complexity from the start.