On Apr 11, 2014 4:45 PM, "Taylor Hornby" <havoc@xxxxxxxxx> wrote:
> I'm saying: A single trusted person blindly building and signing
> packages is more secure than everyone blindly building and signing
> packages.

As others have said: users should not be blindly building and installing packages. Friendly reminder that install scriptlets run as root with no restrictions.

> Would it really be that much? How do other distributions manage it?

Yes, it would be that much. Other distributions manage it by either having much, much larger communities than us (e.g. Debian), and thus many more potential donators, or by having corporate backing (e.g. Ubuntu, Fedora).