To put things in perspective, I just wonder how strong this 'fortress' really is, and whether this strength is only in our perception or whether it is real. Let me give just one example: A developer downloads a tarball from an upstream source, configures it, and does make install, yet has not even once checked whether this tarball is secure or is not a root kit. Teus.