http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php clearly shows the problematic situation of not having cryptographic signatures or tools to check it offline. This could easily break the trust chain and therefore introduce backdoors in Debian even when upstream and Debian packagers didn't do anything wrong.
_______________________________________________ devscripts-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
