I think it would be easier, since it does not require agreement on transaction between two parties, only signing your own transaction. Anyone can fork and clone anything, and then add to their own signed version. All that is required is that you cloned from an existing trusted version and you made these changes to it. It’s easy to verify.
It only requires that the user can select some release group that they trust and store their public key.
I think it’s a problem with VPNs