Even if you inspect what's in a package, the executables could still have anything compiled inside them, no?
Maybe what we need is a process for getting unofficial packages built. Eg, user X does all the hard work finding out how to compile/create a package for product Y, then mails the instructions/scripts to user Z( eg pkgmaster team) who builds everything from source, and creates the final package for the other users. Just a thought, Menno _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
