penguinbait
Posts: 3,096 | Thanked: 1,525 times | Joined on Jan 2006 @ Michigan, USA
#46
Not sure how I missed this thread for so long, because I have been thinking of starting my own.

The fact is ANYONE can compile some software, put it in a deb, and stick it on the repo. As far as I can see there is nothing in place to prevent spyware, rootkits, and other malicious code. I have a separate boot SD for use at work; it has only packages I compiled myself (on top of Nokia base). I also did some sniffer testing to make sure I did not see any strange packets going to unknown places. I think I am 99.9% sure I am good. I think I am probably the same for my other boot instances I use for home or development, but I am just not going to take any chances....

I have been wondering about the new initiatives at Nokia to embrace the opensource projects. On the packages they certify, is someone going through that code or doing some type of security?

Perhaps some type of certification process/community review with a secure repo would be nice. Not everything would have to be in it, but it would be a start.