On Fri, Mar 28, 2014 at 1:25 PM, Jonathan Schleifer <js-haiku-development@xxxxxxxxxxx> wrote:
> Well, I didn't want to stop after signed packages. But that was what I deemed
> the most necessary step, as every developer downloads unsigned packages
> during the build process and then later uploads packages. So all that's
> needed to plant a backdoor in Haiku is controlling the internet connection of
> a single developer once.

I don't understand how that's significantly different from simply maintaining hashes of all the binaries in our source control and verifying them during download. There's really no need to sign them assuming we trust devs who have commit access already. If, on the other hand, we believe there are individuals out there who are impersonating already-trusted devs and using their access to upload packages and commit changes to our Git repo, then I guess signing packages might be worthwhile.

- Urias
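The hash-pinning check discussed in the message above, as an added example that is not part of the original thread or of Haiku's build system: a manifest of SHA-256 digests kept in source control is consulted before a downloaded package is accepted. The manifest format, the package file name and the package contents are assumptions constructed for illustration.

```python
import hashlib
import hmac
import io

# Constructed sample data: the package name and payload are made up.
GOOD_PKG = b"constructed package payload v1"
MANIFEST_TEXT = (
    "# sha256  filename (assumed format; file is committed to the repo)\n"
    f"{hashlib.sha256(GOOD_PKG).hexdigest()}  example_tool-1.0-1-x86.hpkg\n"
)


def parse_manifest(text):
    """Parse 'hexdigest  filename' lines into {filename: digest}."""
    pins = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed manifest line {lineno}")
        digest, name = parts[0].lower(), parts[1].strip()
        bytes.fromhex(digest)  # raises ValueError if not valid hex
        if name in pins:
            # Two pins for one file would let the later one win silently.
            raise ValueError(f"duplicate entry for {name}")
        pins[name] = digest
    return pins


def verify_download(name, stream, pins, chunk_size=65536):
    """Return True only if the stream hashes to the pinned digest.

    A package with no pin is rejected (fail closed), so content altered
    or substituted in transit is never accepted by default.
    """
    expected = pins.get(name)
    if expected is None:
        return False
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), expected)
```

The check is only as trustworthy as the checkout the manifest came from, which is the assumption about commit access that the message states.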