I'm attempting to launch an ERC-20 token, and I am under the impression that OpenZeppelin is generally a good standard to use for this process.
One concern that I have is that people seem to importing directly from the Github, which seems like poor practice considering one can never update a smart contract. What if Github goes down, is my currency broken? What if OpenZeppelin falls into disrepair, is my currency lost forever?
I know this is standard in typical apps (importing from a link I.E. JQuery, CSS packages etc...), but if these were to go down, one could easily find a new solution...not so for smart contracts on the blockchain.
Am I wrong about this? How does this work exactly?
One concern that I have is that people seem to importing directly from the Github, which seems like poor practice considering one can never update a smart contract. What if Github goes down, is my currency broken? What if OpenZeppelin falls into disrepair, is my currency lost forever?
This does not matter and you are making many false assumptions in your thinking.
You are going to deploy a compiled bytecode on a blockchain. It does not matter where the source code for the bytecode comes from then. Then, you can have verifiable builds for this source code on Etherscan. Etherscan only cares the source code is available, it really does not matter where did you get it.