On Apr 11, 2014 4:45 PM, "Taylor Hornby" <ha...@defuse.ca> wrote:
> I'm saying: A single trusted person blindly building and signing
> packages is more secure than everyone blindly building and signing
> packages.
As others have said: users should not be blindly building and installing
packages. Friendly reminder that install scriptlets run as root with no
restrictions.

> Would it really be that much? How do other distributions manage it?
Yes, it would be that much. Other distributions manage it by either having
much, much larger communities than us (e.g. Debian), and thus much more
potential donators, or by having corporate backing (e.g. Ubuntu, Fedora).
