-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA224 > Sorry Steven you obviously don't understand how an apt repository works.I > have a repo on sourceforge and only what I put in there is in there. > Using apt it checks packages files, which I create with reprepro on my own > machine at home, and you can only get what is listed in my repository. > Sourceforge has not added anything, nor can they, to my repo and if they > did it would not be signed and that should immediately ring alarm bells. I think it's more of an issue with supporting a site with a known malware-based business model than anything else. Yes, I could cryptographically secure downloads from spam-are-us.net, but would that: a.) hurt TDE's reputation? b.) open users to potential attack if they ignore a single warning message? c.) help spam-are-us.net advertise their malware? If the answer is yes to any of the above it isn't a good idea to use the service ;-) Tim -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iFYEARELAAYFAlYS5Z4ACgkQLaxZSoRZrGHVywDgjAfMGoCtXSAp8nO/kLw1oaRz f0J2tIrFCB0hFQDgygVe/m3NJt2vxPrt+aRInJQTZ+SM+RWTpEKcog== =dDTt -----END PGP SIGNATURE-----