http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php clearly shows the problematic situation of not having cryptographic signatures or tools to check it offline. This could easily break the trust chain and therefore introduce backdoors in Debian even when upstream and Debian packagers didn't do anything wrong.
-- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
