On Fri, Jan 14, 2005 at 05:52:44PM -0500, David Howland wrote: > >binary package is a security hole. Someone can put a malicious code > >into the binary and noone will notice. > > The MD5 will change. He can change the md5 too, of course. You can't checke whether a binary package MD5 belongs to a given source code or not. Cl<