-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA224

> Sorry Steven you obviously don't understand how an apt repository works.I
> have a repo on sourceforge and only what I put in there is in there.
> Using apt it checks packages files, which I create with reprepro on my own
> machine at home, and you can only get what is listed in my repository.
> Sourceforge has not added anything, nor can they, to my repo and if they
> did it would not be signed and that should immediately ring alarm bells.

I think it's more of an issue with supporting a site with a known
malware-based business model than anything else.  Yes, I could
cryptographically secure downloads from spam-are-us.net, but would that:
a.) hurt TDE's reputation?
b.) open users to potential attack if they ignore a single warning message?
c.) help spam-are-us.net advertise their malware?

If the answer is yes to any of the above it isn't a good idea to use the
service ;-)

Tim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iFYEARELAAYFAlYS5Z4ACgkQLaxZSoRZrGHVywDgjAfMGoCtXSAp8nO/kLw1oaRz
f0J2tIrFCB0hFQDgygVe/m3NJt2vxPrt+aRInJQTZ+SM+RWTpEKcog==
=dDTt
-----END PGP SIGNATURE-----