> Of course we can't actually ensure that all uploaded packages on the
> system are secure, for now we trust the testers of the system but in
> future we'll introduce higher security standards.
>
> If someone can already point out an eventual solution for this problem
> we'll be open to considering any suggestion in order to improve the system.
Perhaps an easy thing to do would just be to show whether or not a package is signed by a key which is signed by a real Debian developer. I.e., use the web of trust. Then at least one can be reasonably sure that the maintainer is real.

jack.

