
Debating 'Patching as Code' in Hybrid Clouds: Centralized vs. Decentralized Orchestration

Dmitri Reyes
I'm interested in discussing the architectural implications of an automated Unix patching engine for hybrid cloud environments, particularly around 'Patching as Code' pipelines. One core design choice involves the orchestration layer. Should we aim for a highly centralized CI/CD system that pushes updates across all clouds, or would a more decentralized approach, with cloud-specific orchestrators reporting back to a central control plane, offer better resilience and fault isolation? The centralized model simplifies policy enforcement and visibility, but introduces a single point of failure and potential latency issues for geographically dispersed infrastructure. Conversely, decentralized orchestration might complicate consistent reporting and global state management. What are the community's thoughts on the trade-offs here, especially concerning security, network overhead, and operational complexity in a large-scale hybrid cloud setup?