Security Concern - Open Source Binaries

simplejack simplejack at
Mon Jun 8 00:33:02 CEST 2009

Is SourceForge (or any of the other repositories for open source software)
actually doing a compile and compare of uploaded source code to ensure that
uploaded binaries are legitimate?

I know, I know: I'm lazy. Why should the processing burden be centralized
vs. distributed, but having a central body actually signing off on the
legitimacy of the files they are sending would go a long way to reassuring
its users.