On 8/22/05, Hamish Moffatt <[EMAIL PROTECTED]> wrote:
> Really? The maintainer can still embed "rm -rf /" in the postinst either
> way. We need to be able to trust developers.
>
> Similarly, sponsored packages should be rebuilt because the project
> hasn't decided to officially trust those contributors.

But it's far easier to check (audit?) source code than to check binaries.