> I partly concur. Even if the developer->user channel was completely
> secured by signatures et al, we would still have the problem of an
> attacker gaining very much by breaking into a single developer's
> machine. Your netbase package is a good example: it contains a
> couple of programs usually started as root. If your developing machine
> is compromised, and your copy of the source modified, the evil guy may
> gain entry into a large number of Debian boxen.

All packages can run things as root. Even the most simple game.