diff --git a/src/explainers/upstream_nixpkgs.md b/src/explainers/upstream_nixpkgs.md
index d9c402f..48ac497 100644
--- a/src/explainers/upstream_nixpkgs.md
+++ b/src/explainers/upstream_nixpkgs.md
@@ -1 +1,3 @@
-Say more here later.
+We don't recommend using forked or re-exported versions of Nixpkgs.
+While this may be convenient in some cases, it can introduce unexpected behaviors and unwanted security risks.
+While upstream Nixpkgs isn't bulletproof—nothing in software is!—it has a wide range of security measures in place, most notably continuous integration testing with Hydra, that mitigate a great deal of supply chain risk.
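Review bot: The last added line claims "a wide range of security measures" but names only continuous integration testing with Hydra, and the line before it mentions "unexpected behaviors and unwanted security risks" without saying what they are. This explainer is what the recommendation rests on, so name the concrete concern with a fork or re-export (for example, that its contents can differ from or lag behind what upstream built and tested). Then either list the other measures or narrow the wording to the one that is named. As a style point, two consecutive sentences open with "While"; rewording one of them would read better.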
diff --git a/src/templates/summary.md b/src/templates/summary.md
index f60e0fa..dbde251 100644
--- a/src/templates/summary.md
+++ b/src/templates/summary.md
@@ -77,6 +77,8 @@ Here's an example:
inputs.nixpkgs.url = "github:NixOS/nixpkgs";
}
```
+
+If you need a customized version of Nixpkgs, we recommend using methods like [overlays] and per-package [overrides].
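Review bot: The sentence added after the code fence offers overlays and per-package overrides as the way to customize, but does not say what they are an alternative to. A reader of this summary who has not opened the upstream Nixpkgs explainer will not connect it to the advice against forks. Suggest adding wording such as "rather than a fork or re-exported copy of Nixpkgs" and linking to that explainer, so the recommendation and its reason sit together.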
@@ -87,3 +89,5 @@ Here's an example:
[flake-lock-action]: https://github.com/determinateSystems/update-flake-lock
[nixos]: https://github.com/nixos
+[overlays]: https://nixos.wiki/wiki/Overlays
+[overrides]: https://ryantm.github.io/nixpkgs/using/overrides
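Review bot: Both new link targets, nixos.wiki for [overlays] and ryantm.github.io for [overrides], sit outside the upstream project's own documentation, and the second is a personal GitHub Pages host. In a change whose message is to prefer upstream over third-party copies, the references should follow the same rule. Suggest pointing both at the overlays and overriding sections of the Nixpkgs manual on nixos.org, which is maintained with the code it documents and is less likely to drift or disappear.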