Kyle <speakup at linux-speakup.org> wrote: >Arch for some time now has signed packages with verified signatures. >That blog post is over a year old. Arch is as secure as any other distro >when it comes to package integrity these days. One feature that Arch reportedly does not have is separate packages for debug symbols. If you need to obtain a backtrace to report a bug, you have to re-compile the relevant library/executable with symbol generation enabled. In most distributions these days, you can simply download the symbols as a "debug" package. I expect Arch to gain this feature eventually. It takes a while for new distributions to mature, and it's worth remembering that Debian, Red Hat and their derivatives have been around since the relatively early stages of Linux development, so their package management systems have had plenty of time to accumulate features.
