On Wed, Nov 18, 2009 at 14:44:20 -0500,
Konstantin Ryabitsev <icon(a)fedoraproject.org> wrote:
Okay, so someone managed to get local shell via firefox. How does
installing trusted packages further their nefarious purposes?
There are nuances to trust. Just because you trust a repository to not
intentionally provide tampered packages, doesn't mean you want to trust
specific packages.