[OpenIndiana-discuss] pkg security and incentives?

[Reginald Beardsley]

I'm happy to build packages for things I use that don't already have pkgs. However, it raises the issue of "On Trusting Trust".  I've generally not been enthusiastic about binary packages because it's so easy to Trojan or backdoor one.
How does OI deal with that?  This is why I have, until very recently, built from source.  Linux made doing that fairly absurd with all the dependencies and as I was just using Linux on a test system for email  I started slacking.  Time to stop.
As an incentive, how about a lottery?  People who build things for their own use and supply an IPS pkg get a ticket in an annual lottery for each pkg they contribute and the prize is of the order of 1000 Euros.
Have Fun!Reg