For anyone interested, Jason pointed me to a discussion on issues of package security: http://www.debian.org/News/weekly/1999/24/#signdebs http://www.debian.org/Lists-Archives/debian-devel-9906/thrd3.html#01350