"If a dependency breaks for whatever reason, such as the developer pulling the repository, then your next pristine build is going to fail, you will spot the problem and then do something about it."
Either you or I have misunderstood the person you were replying to. I took the suggestion to be that you make yourself dependent on your local copy (fork, or whatever) of the third party code. That dependency cannot break. (If the original source disappears, you lose the ability to update your local copy, but since there cannot now be any new fixes being posted to that original source, this isn't actually a problem.)
You seem to be advocating just linking to the remote source and only taking a local copy *after* the remote one goes titsup. Sorry, but to me that sounds like being lazy and having to face the consequences at an inconvenient moment, possibly after everyone who understands exactly what to do has left the company.