On Thu, 03 Apr 2008 12:56:59 +0100 Mike Auty <[EMAIL PROTECTED]> wrote: > Petteri Räty wrote: > | Yeah, you only need access to one ebuild to do whatever you want to > | user's systems. > > Perhaps then we should direct more of our efforts towards the GPG > package signing system, so that when a dev becomes a libability, their > keys can be revoked?
Signing offers no protection against a malicious developer. -- Ciaran McCreesh
signature.asc
Description: PGP signature
