And how user is supposed to know that the company is a trustworthy company just selling their software and not a scam ?
Single Debian volunteer would have to do quite a bit of work to get into position of being able to just push malware into the repo; and if they did it lands in debian unstable/testing so there is also a pretty good chance it would be noticed.
Single Debian volunteer would have to do quite a bit of work to get into position of being able to just push malware into the repo; and if they did it lands in debian unstable/testing so there is also a pretty good chance it would be noticed.