On Tue, Mar 16, 2010 at 12:32 AM, Nilesh Govindarajan <lists@xxxxxxxxxx> wrote: > I don't think we need any security team for Arch. New packages are > released within a week of their updates. GPG signing and md5sum > verification is a must though. md5sum verification has ALWAYS been done