Hi.
On Sun, 28 Oct 2007 13:40:25 -0700, Andrew Farris wrote
A malicious package that gets placed into the system by a maintainer would come flying down into your system 'signed' by an autosign process too... and you'd happily not notice.
Yes. That waoy I'd have to trust the maintainer and our build system.
As it stands now, I have to trust the maintainer, the build system and the rest of the internet.
Which is rather a lot of trust.