Trust

• Developers sign packages before upload
• Checked against keyring
• Checksums stored in metadata files (Packages and Sources)
• Release file signed
• Links together individual files, signed by the master archive key
• Trust matters
• Security
• Malware prevention