Andrew Suffield <asuffield@debian.org> writes: > To be decently secure, you need the target system to refuse to accept > packages that don't have an acceptable trust path. Have you actually tried to determine whom and which machines you have to trust implicitly when trusting a particular Debian package? I guess this gets really messy pretty soon.