Chris January wrote: >>>*Updated* packages are trusted by default. They can be uploaded w/o >>>review. >>> >>> >Not being funny, but this probably shouldn't be the case. I could easily >spoof some mail headers and get a compromised binary uploaded. > Then I suggest you (and other that find in this a security problem) to comment my latest RFC (23/09 13:54 CEST) which tried to resurrect the old thread about using GPG for developers ;-)
Lapo -- Lapo 'Raist' Luchini [EMAIL PROTECTED] (PGP & X.509 keys available) http://www.lapo.it (ICQ UIN: 529796)
