For the complete story goto Security Focus.
With this idea lingering in the heads of millions of opensource project users, how will this be an impact. I, for one, will push to make sure that we here at postnuke implement some form of PGP or MD5 signature signing of all packages available for download.
Jon Todaro
Aka: bone
Postnuke Server Operations
bone/@/the-legend.org